Discussion:
[cryptopp-users] Website back up
Jeffrey Walton
2018-09-21 08:42:06 UTC
Permalink
Hi Everyone,

We gave up on Comodo to renew the web server's certificate. We were never
able to upload our revised CSR.

We revisited Let's Encrypt and fixed the server configuration so the
letsencrypt command line tool could complete. The problem was, we did not
remove httpd.x86_64 and httpd-tools.x86_64 after installing the updated
httpd2-httpd.x86_64 and httpd2-httpd-tools.x86_64. Let's Encrypt was trying
to use the old tools rather than the new ones in /opt/rh.

The server is back online using the same public key. Anyone who is pinning
the public key should not notice the change in service.

Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeffrey Walton
2018-09-21 09:04:23 UTC
Permalink
Post by Jeffrey Walton
Hi Everyone,
We gave up on Comodo to renew the web server's certificate. We were never
able to upload our revised CSR.
We revisited Let's Encrypt and fixed the server configuration so the
letsencrypt command line tool could complete. The problem was, we did not
remove httpd.x86_64 and httpd-tools.x86_64 after installing the updated
httpd2-httpd.x86_64 and httpd2-httpd-tools.x86_64. Let's Encrypt was trying
to use the old tools rather than the new ones in /opt/rh.
The server is back online using the same public key. Anyone who is pinning
the public key should not notice the change in service.
My bad, I should have provided this link:
https://www.ssllabs.com/ssltest/analyze.html?d=www.cryptopp.com

A couple of minor squawks, like an extra cert in the chain. That's because
Let's Encrypt was cross-signed by two different CAs. Client software and
user agents can use one of two roots to verify the chain. It should be most
helpful in some of the older mobile devices.

Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...