Old references to DST Root CA X3 in PKI realms

Monday, 6 December 2021

Hi all,

As you may know, the DST Root CA X3 expired some time ago. The debops.pki role used to
configure it as the root certificate for all realms that were issued by Let's Encrypt.
Let's Encrypt has since switched to their own ISRG Root X1, and the DebOps role has
been updated to reflect this. If you have the latest patches from the master or stable
branches, new realms will automatically have the new root ca configured. This change will
also be in the next DebOps release, which is planned for January 2022.

However, re-running the patched debops.pki role against all your hosts will not
automatically update the existing realms. You can follow these instructions to update any
old references to the DST root in your realms:
https://github.com/debops/debops/issues/1860#issuecomment-986784054

If you have any comments about this, please put them in the linked GitHub issue.

Thanks,

Imre

2024

2023

2022

2021

2020

2019

2018

2017

2016

Old references to DST Root CA X3 in PKI realms