You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sysadmins@spamassassin.apache.org by Let's Encrypt Expiry Bot <ex...@letsencrypt.org> on 2019/04/02 22:22:54 UTC
Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
Hello,
Your certificate (or certificates) for the names listed below will expire in 19 days (on 22 Apr 19 22:20 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.
ruleqa.spamassassin.org
For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email.
If you are receiving this email in error, unsubscribe at http://mandrillapp.com/track/unsub.php?u=30850198&id=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
Regards,
The Let's Encrypt Team
Re: Let's Encrypt certificate expiration notice for domain
"ruleqa.spamassassin.org"
Posted by Dave Jones <da...@apache.org>.
On 4/3/19 11:00 AM, Bill Cole wrote:
> On 3 Apr 2019, at 10:17, Jari Fredriksson wrote:
>
>> You should automate the renew to a cronjob. Not too hard.
>
> LE renewal with certbot was automated with a systemd timer some time ago.
>
> The actual cause of this notice appears to be that there used to be an
> independent certificate for ruleqa.spamassassin.org, whereas now there
> is a wildcard certificate ( Subject=spamassassin.org with
> *.spamassassin.org as a Subject Alternative Name.)
>
> The renewal notices are generated by letsencrypt.org unilaterally and
> there's no way for them to notice when a cert is no longer being used
> and therefore does not need to be renewed, so this notice is about a
> non-problem.
>
>
>
>> br. jarif
>>
>>> Kevin A. McGrail <km...@apache.org> kirjoitti 3.4.2019 kello 2.00:
>>>
>>> I moderated this through.
>>> --
>>> Kevin A. McGrail
>>> Member, Apache Software Foundation
>>> Chair Emeritus Apache SpamAssassin Project
>>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>>
>>>
>>> On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot <
>>> expiry@letsencrypt.org> wrote:
>>>
>>>> Hello,
>>>>
>>>> Your certificate (or certificates) for the names listed below will
>>>> expire
>>>> in 19 days (on 22 Apr 19 22:20 +0000). Please make sure to renew your
>>>> certificate before then, or visitors to your website will encounter
>>>> errors.
>>>>
>>>> We recommend renewing certificates automatically when they have a
>>>> third of
>>>> their
>>>> total lifetime left. For Let's Encrypt's current 90-day
>>>> certificates, that
>>>> means
>>>> renewing 30 days before expiration. See
>>>> https://letsencrypt.org/docs/integration-guide/ for details.
>>>>
>>>> ruleqa.spamassassin.org
>>>>
>>>> For any questions or support, please visit
>>>> https://community.letsencrypt.org/. Unfortunately, we can't provide
>>>> support by email.
>>>>
>>>> If you are receiving this email in error, unsubscribe at
>>>> http://mandrillapp.com/track/unsub.php?u=30850198&id=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
>>>>
>>>>
>>>> You may need to update your client to the latest version in case it is
>>>> still using the deprecated TLS-SNI-01 validation method.
>>>> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>>>>
>>>>
>>>> Step-by-step instructions for updating Certbot are here:
>>>> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>>>>
>>>>
>>>> Regards,
>>>> The Let's Encrypt Team
>>>>
>
>
Bill is correct. Switched from a specific ruleqa.spamassassin.org to
*.spamassassin.org on sa-vm1.apache.org so we just need to let the
ruleqa.spamassassin.org go and ignore this notification for now.
The renewal for *.spamassassin.org using certbot is automated and cron'd
so future notifications should be taken seriously. I have monitoring
setup at ena.com (my day job) to monitor sa-vm1 and the active LE cert
expiration at https://ruleqa.spamassassin.org.
Thanks,
Dave
Re: Let's Encrypt certificate expiration notice for domain
"ruleqa.spamassassin.org"
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 3 Apr 2019, at 10:17, Jari Fredriksson wrote:
> You should automate the renew to a cronjob. Not too hard.
LE renewal with certbot was automated with a systemd timer some time
ago.
The actual cause of this notice appears to be that there used to be an
independent certificate for ruleqa.spamassassin.org, whereas now there
is a wildcard certificate ( Subject=spamassassin.org with
*.spamassassin.org as a Subject Alternative Name.)
The renewal notices are generated by letsencrypt.org unilaterally and
there's no way for them to notice when a cert is no longer being used
and therefore does not need to be renewed, so this notice is about a
non-problem.
> br. jarif
>
>> Kevin A. McGrail <km...@apache.org> kirjoitti 3.4.2019 kello 2.00:
>>
>> I moderated this through.
>> --
>> Kevin A. McGrail
>> Member, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>>
>>
>> On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot <
>> expiry@letsencrypt.org> wrote:
>>
>>> Hello,
>>>
>>> Your certificate (or certificates) for the names listed below will
>>> expire
>>> in 19 days (on 22 Apr 19 22:20 +0000). Please make sure to renew
>>> your
>>> certificate before then, or visitors to your website will encounter
>>> errors.
>>>
>>> We recommend renewing certificates automatically when they have a
>>> third of
>>> their
>>> total lifetime left. For Let's Encrypt's current 90-day
>>> certificates, that
>>> means
>>> renewing 30 days before expiration. See
>>> https://letsencrypt.org/docs/integration-guide/ for details.
>>>
>>> ruleqa.spamassassin.org
>>>
>>> For any questions or support, please visit
>>> https://community.letsencrypt.org/. Unfortunately, we can't provide
>>> support by email.
>>>
>>> If you are receiving this email in error, unsubscribe at
>>> http://mandrillapp.com/track/unsub.php?u=30850198&id=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
>>>
>>> You may need to update your client to the latest version in case it
>>> is
>>> still using the deprecated TLS-SNI-01 validation method.
>>> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>>>
>>> Step-by-step instructions for updating Certbot are here:
>>> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>>>
>>> Regards,
>>> The Let's Encrypt Team
>>>
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
Re: Let's Encrypt certificate expiration notice for domain
"ruleqa.spamassassin.org"
Posted by Jari Fredriksson <ja...@iki.fi>.
You should automate the renew to a cronjob. Not too hard.
br. jarif
> Kevin A. McGrail <km...@apache.org> kirjoitti 3.4.2019 kello 2.00:
>
> I moderated this through.
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail - 703.798.0171
>
>
> On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot <
> expiry@letsencrypt.org> wrote:
>
>> Hello,
>>
>> Your certificate (or certificates) for the names listed below will expire
>> in 19 days (on 22 Apr 19 22:20 +0000). Please make sure to renew your
>> certificate before then, or visitors to your website will encounter errors.
>>
>> We recommend renewing certificates automatically when they have a third of
>> their
>> total lifetime left. For Let's Encrypt's current 90-day certificates, that
>> means
>> renewing 30 days before expiration. See
>> https://letsencrypt.org/docs/integration-guide/ for details.
>>
>> ruleqa.spamassassin.org
>>
>> For any questions or support, please visit
>> https://community.letsencrypt.org/. Unfortunately, we can't provide
>> support by email.
>>
>> If you are receiving this email in error, unsubscribe at
>> http://mandrillapp.com/track/unsub.php?u=30850198&id=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
>>
>> You may need to update your client to the latest version in case it is
>> still using the deprecated TLS-SNI-01 validation method.
>> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>>
>> Step-by-step instructions for updating Certbot are here:
>> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>>
>> Regards,
>> The Let's Encrypt Team
>>
Re: Let's Encrypt certificate expiration notice for domain "ruleqa.spamassassin.org"
Posted by "Kevin A. McGrail" <km...@apache.org>.
I moderated this through.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171
On Tue, Apr 2, 2019 at 7:00 PM Let's Encrypt Expiry Bot <
expiry@letsencrypt.org> wrote:
> Hello,
>
> Your certificate (or certificates) for the names listed below will expire
> in 19 days (on 22 Apr 19 22:20 +0000). Please make sure to renew your
> certificate before then, or visitors to your website will encounter errors.
>
> We recommend renewing certificates automatically when they have a third of
> their
> total lifetime left. For Let's Encrypt's current 90-day certificates, that
> means
> renewing 30 days before expiration. See
> https://letsencrypt.org/docs/integration-guide/ for details.
>
> ruleqa.spamassassin.org
>
> For any questions or support, please visit
> https://community.letsencrypt.org/. Unfortunately, we can't provide
> support by email.
>
> If you are receiving this email in error, unsubscribe at
> http://mandrillapp.com/track/unsub.php?u=30850198&id=e536edf83678494ea281fd558714e45a.o7n7n7eL6dS9%2FSnODhkdlF5fmSw%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dsysadmins%2540spamassassin.apache.org
>
> You may need to update your client to the latest version in case it is
> still using the deprecated TLS-SNI-01 validation method.
> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>
> Step-by-step instructions for updating Certbot are here:
> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>
> Regards,
> The Let's Encrypt Team
>