Sectigo root CA expiring, may not be handled well by slightly older Linux versions
News category: Linux tips
Source: reddit.com
It looks like some older distributions of Linux (we've seen issues with Deb 9 and earlier and Ubuntu 16.04 and earlier) will not properly expire/ignore this root cert unless it is actually removed. Ubuntu 18 and up, as well as Deb 10, are unaffected. To verify this, create a host based on one of these distributions and roll the time forward to Jun 1st or so. Running curl against certain domains will fail with a certificate expired error. For example: curl https://crt.sh.
This happens even if ca-certificates has been updated. This obviously does not affect all domains, but we have a number of critical internal and external endpoints that use Comodo/Sectigo certs that had the issue.
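A way to find the affected roots without moving a host's clock, as an added example that is not part of the original post: it reads a PEM trust bundle with Python's `ssl` module and lists the CA certificates that will already be expired at a chosen date. The default bundle path is the Debian/Ubuntu one and is an assumption, as are the function names and the constructed sample entries.

```python
import ssl
import sys
from datetime import datetime, timezone

# Assumed default: the bundle that ca-certificates builds on Debian/Ubuntu.
DEFAULT_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"

# Constructed sample in the shape SSLContext.get_ca_certs() returns.
SAMPLE = [
    {"subject": ((("organizationName", "Example"),), (("commonName", "Constructed Old Root"),)),
     "notAfter": "May 30 10:48:38 2030 GMT"},
    {"subject": ((("commonName", "Constructed New Root"),),),
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
]

def load_roots(cafile):
    """Load a PEM bundle and return its CA certificates as dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()

def common_name(cert):
    """Pick a readable name out of the nested subject tuple."""
    fields = dict(rdn[0] for rdn in cert.get("subject", ()))
    return fields.get("commonName") or fields.get("organizationName") or "<unnamed>"

def expired_at(certs, when):
    """Return (name, notAfter) for every root already expired at `when`."""
    cutoff = when.timestamp()
    hits = [(ssl.cert_time_to_seconds(c["notAfter"]), common_name(c), c["notAfter"])
            for c in certs]
    # Oldest expiry first, so the root about to cause failures is on top.
    return [(name, text) for secs, name, text in sorted(hits) if secs < cutoff]

if __name__ == "__main__":
    # Usage: script.py [bundle.pem] [YYYY-MM-DD]; the date defaults to now.
    bundle = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BUNDLE
    when = (datetime.strptime(sys.argv[2], "%Y-%m-%d").replace(tzinfo=timezone.utc)
            if len(sys.argv) > 2 else datetime.now(timezone.utc))
    stale = expired_at(load_roots(bundle), when)
    for name, not_after in stale:
        print(f"expired by {when:%Y-%m-%d}: {name} (notAfter {not_after})")
    # Non-zero exit lets a cron job or CI step flag the host.
    sys.exit(1 if stale else 0)
```

A root that shows up here is a candidate for removal from the trust store on the older distributions named in the post; rerunning the script afterwards should no longer list it.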