On 17/10/2024 02:42, Leon Fauster via Discuss wrote:
FYI: https://discussion.fedoraproject.org/t/invalid-certificate-trust-chain-for-centos-org/133921
Yes, and I already fixed this (and then replied to the thread that I don't have a look at on discourse)
Long story short, our automation was relying on some symlinks based on number of CA that were used to sign various certs (internal, letsencrypt, others) but since June 2024, Letsencrypt is switching (round-robin) between multiple intermediate CA (see https://letsencrypt.org/certificates/)
So it was detected yesterday and pushed to take that into account (one cert could have been initially signed by R10 but then renewed on R11 - and vice/versa)
-- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | @arrfab[@fosstodon.org]
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Discuss mailing list -- discuss@xxxxxxxxxxxxxxxx To unsubscribe send an email to discuss-leave@xxxxxxxxxxxxxxxx
