Change SSL Cert for api.wp-worthy.de to Support OpenSSL 1.0.2

  • Resolved svenkrausezs

    (@svenkrausezs)


    2 years, 3 months ago

    For Systems like Centos 7, Unbunto 16.04, RHEL 7 its not possible to use the api.wp-worthy.de because of a chain break in Let’s Enrypt and OpenSSL 1.0.2.

    For TLS certificates issued by Let’s Encrypt, the root certificate (DST Root CA X3) in the default chain expires on September 30, 2021. Due to their unique approach, the expired certificate will continue to be part of the certificate chain till 2024. This affects OpenSSL 1.0.2k on RHEL/CentOS 7 servers, and will result in applications/tools failing to establish TLS/HTTPS connections with a certificate has expired message. Source: https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4

    On Systems with OpenSSL 1.0.2 the SSL Cert Chain breaks. For systems like CentOs 7 there are no options to use OpenSSL 1.1.x.

    So if you change the SSL Cert from Let’s Enrcypt to another Public one, the older system like Centos 7, Unbunto 16.04, RHEL 7 will work without Problems.

Viewing 1 replies (of 1 total)
  • Plugin Author tiggerswelt

    (@tiggerswelt)

    Hello @svenkrausezs,

    unfortunately my team is not willing to change the CA because of an outdated client. But there is a solution at least for CentOS 7 – as also mentioned on your reference-link:

    Update ca-certificates to at least 2021.2.50-73 which should fix the problem at the root of the issue.

    We have verified the issue itself and that is has been fixed with ca-certificates 2022.2.54 (latest version for CentOS 7).

    Please don’t feel like your issue was rejected. We took it serious and tested everything well, but we believe that an up-to-date client is the best solution for everyone.

    Kind regards,
    Bernd

Viewing 1 replies (of 1 total)
  • The topic ‘Change SSL Cert for api.wp-worthy.de to Support OpenSSL 1.0.2’ is closed to new replies.