ietf-smtp
[Top] [All Lists]

[ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4

2020-03-03 07:51:26
Hello,

on a very short notice, Let’s Encrypt revokes its certificates with the message 
below.  This effectively means to start
and complete TLSA/DANE/DNSSEC certificate rollover within 24h.

Is this possible in general, when the DNS TTL on its own is 24h?  Do I 
understand something wrong, stating  that this
mass revokation is just bad for DANE+SMTP?

What is the right way to mass revoke certificates involved in DANE?

Greetings
  Дилян

-------- Forwarded Message --------
From: noreply(_at_)letsencrypt(_dot_)org
To: dilyan(_dot_)palauzov(_at_)aegee(_dot_)org
Subject: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4
Date: Tue, 03 Mar 2020 12:21:38 +0000

We recently discovered a bug in the Let's Encrypt certificate authority code, 
described here:

https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means we need to revoke the certificates that were affected 
by this bug, which includes one or more of your certificates. To avoid 
disruption, you'll need to renew and replace your affected certificate(s) by 
Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you're not able to renew your certificate by March 4, the date we are 
required to revoke these certificates, visitors to your site will see security 
warnings until you do renew the certificate. Your ACME client documentation 
should explain how to renew.

If you are using Certbot, the command to renew is:

certbot renew --force-renewal

If you need help, please visit our community support forum: 
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

Please search thoroughly for a solution before you post a new question. Let's 
Encrypt staff will help our community try to answer unresolved questions as 
quickly as possible.


Your affected certificate(s), listed by serial number and domain names:

0323f781386c8a5bded046fccf5ee07b3cbf: bapha.be www.bapha.be
033816bfd1fe5a6c35f83cd4072ab506dd1a: lists.aegee.org www.lists.aegee.org
0362a260840e028d77559331766a3a364b04: central.aegee.org www.central.aegee.org
0374340611a873e5d3dc3c251b9b634bfade: mail.aegee.org smtp.aegee.org
03b75379536d583dbb93d9786abce25aab91: mail.aegee.org smtp.aegee.org 
www.mail.aegee.org
03d2e7712ab3a259c4ed71bddb5707c0f714: lists.aegee.org www.lists.aegee.org
03f571a4fdf8e3f6a24c4e2c65e3f4dc4ff3: central.aegee.org www.central.aegee.org
04c7d79ca93bafc62dd022e29c351302c5c3: mail.aegee.org smtp.aegee.org 
www.mail.aegee.org
031e23f0635f6ae7c89ea6cf98eeccb666c8: central.aegee.org www.central.aegee.org
0343dae9a834cd535c2dd21ba21ff3f06390: central.aegee.org www.central.aegee.org
03a654a6bef5c3c27e7cc3aec44a7f8839f4: mail.aegee.org smtp.aegee.org 
www.mail.aegee.org
03b485da5b0f309cbc1031cbfd47d22d9bb3: mail.aegee.org smtp.aegee.org 
www.mail.aegee.org
03c9ce72fe8ee3c54beb31d55e88e679ca00: bapha.be www.bapha.be
0471e83802604dda8bbece170b6bc358287d: lists.aegee.org www.lists.aegee.org
04e0b4a44836ea9e19335bb9ad1f4dafdc3d: lists.aegee.org www.lists.aegee.org

If you are receiving this email in error, unsubscribe at:
  
http://mandrillapp.com/track/unsub.php?u=30850198&id=2ae0669a7db54ba495d77e7101054508.Kpol6X3JUmCojB6o830csBoXvIA%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Ddilyan.palauzov%2540aegee.org
Please note that this would also unsubscribe you from other Let's Encrypt 
service notices, like expiration reminders.

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp