News: Let's Encrypt's new intermediate certificate

Discussion in 'Server Operation' started by Th0m, Dec 2, 2020.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    From today forward, new Let's Encrypt certificates will be signed using their new R3 intermediate certificate instead of the X3 intermediate certificate. Most users won't notice it, the transition is really smooth.

    If you have 2 1 1 or 2 0 1 TLSA records set for one of your services with a X3 certificate, make sure to create extra TLSA records for not only the new R3 intermediate but also the other intermediate certs to prevent any downtime of your services: http://dnssec-stats.ant.isi.edu/~viktor/x3hosts.html

    See https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018/2 for more information.
     
    Jesse Norell, ahrasis and till like this.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How do I know if I have to do something or can just do nothing?
    I did read through all three links provided.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Do you have any TLSA (also known as DANE) records set for your services?
    If not, no action is needed.
     
    ahrasis likes this.

Share This Page