From: Brian Inglis <Brian.Inglis@SystematicSW.ab.ca>
To: Cygwin Apps <cygwin-apps@cygwin.com>
Subject: Let's Encrypt Dropping Cross-Signed Root and Intermediates; Issuing New Intermediates; New Cert Chains
Date: Tue, 16 Apr 2024 21:48:09 -0600 [thread overview]
Message-ID: <16f3e2ff-d86a-4ba5-9f70-5447fe3d0e5f@SystematicSW.ab.ca> (raw)
Hi folks,
https://letsencrypt.org/2023/07/10/cross-sign-expiration
Shortening the Let's Encrypt Chain of Trust
"On Thursday, Feb 8th, 2024, we stopped providing the cross-sign by default in
requests made to our /acme/certificate API endpoint.
On Thursday, June 6th, 2024, we will stop providing the longer cross-signed
chain entirely.
On Monday, September 30th, 2024, the cross-signed certificate will expire."
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
New Intermediate Certificates
"Let’s Encrypt generated 10 new Intermediate CA Key Pairs, and issued 15 new
Intermediate CA Certificates containing the new public keys."
https://letsencrypt.org/2024/04/12/changes-to-issuance-chains
Deploying Let's Encrypt's New Issuance Chains
"On Thursday, June 6th, 2024, we will be switching issuance to use our new
intermediate certificates. Simultaneously, we are removing the DST Root CA X3
cross-sign from our API, aligning with our strategy to shorten the Let’s Encrypt
chain of trust. We will begin issuing ECDSA end-entity certificates from a
default chain that just contains a single ECDSA intermediate, removing a second
intermediate and the option to issue an ECDSA end-entity certificate from an RSA
intermediate."
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
next reply other threads:[~2024-04-17 3:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-17 3:48 Brian Inglis [this message]
2024-04-19 12:48 ` Jon Turney
2024-04-19 13:13 ` Brian Inglis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=16f3e2ff-d86a-4ba5-9f70-5447fe3d0e5f@SystematicSW.ab.ca \
--to=brian.inglis@systematicsw.ab.ca \
--cc=cygwin-apps@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).