[ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4
Дилян Палаузов <dilyan.palauzov@aegee.org> Tue, 03 March 2020 13:51 UTC
Return-Path: <dilyan.palauzov@aegee.org>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 351673A0D55 for <ietf-smtp@ietfa.amsl.com>; Tue, 3 Mar 2020 05:51:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=aegee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ungecSPywIDc for <ietf-smtp@ietfa.amsl.com>; Tue, 3 Mar 2020 05:51:09 -0800 (PST)
Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8A093A0D4E for <ietf-smtp@ietf.org>; Tue, 3 Mar 2020 05:50:19 -0800 (PST)
Authentication-Results: mail.aegee.org/023DoFM7020907; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1583243416; i=dkim+MSA-tls@aegee.org; bh=CGmdKlZiq+vK5dGzQIya02m2AyY5wof1LaaC6PGy88U=; h=Subject:From:To:Date:References; b=lmXeXDb7iZ1MA2hO2D0k/DPOwS6AeUmLe6oN/wzB+j5NlSnxPbUZ/U31Mbk2K7dVV ETFd8XXaaDAPPzaIi9MnkZtStCY5CiMoGWh6f3cWv21uGwDi5pfvY5ftjRyzXhYfNX CNGyn/RWQILHyc3OA1zFOLMtbw1eGqPX3EBBhYTYC4CqJcsnNgz0KsTonlWjr6IFWB m7LpuO0371728sSWyb5epdiwCSv12od2bhCweTo0HRkAUxpZTCGRDL+85bTui8PHMq KmcQY/FZ8322HoTC7HQuUn+cPND448AYcHV9PoQcstwj31/v8Mu/iV1cN5fVeHtSDh edAVs8oTUEQecdkd2FYjgI5peraMPhtxfwU0USRehBXfLdbELxFHEAxqjR/K06MiKK QCGeU6BaoISTe4ePKkpKxU8BrsDtGLPRy273/F3GC5Hksa3TFcS7Wtavjj00I09MkW uXm7CVyO4VZCaOiVVGOxFN5nzmPQ/o7IcbH8F1cgEmBcEA/KvtFQaQ4Ts9UjW0hhBr QuaqPb8WDrjJR26Ev/GFpk3WQlBD9z0AtLKiLpZvsywA8D4wB5+vQB0X0FDswD+MEI dGjvXgl0d1CtZra0K8OUag0A3j/QHcCtbyxUS5YTIhaFrYME1Tgu0S4D9c4Tzqp5DU XX8XgaSyQ3O69fq/vlRnuFIM=
Authentication-Results: mail.aegee.org/023DoFM7020907; dkim=none
Received: from Tylan (87.118.146.153.topnet.bg [87.118.146.153] (may be forged)) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id 023DoFM7020907 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for <ietf-smtp@ietf.org>; Tue, 3 Mar 2020 13:50:15 GMT
Message-ID: <60c385bc383a7cdea8b72aab454e2bb9e672b00c.camel@aegee.org>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: ietf-smtp <ietf-smtp@ietf.org>
Date: Tue, 03 Mar 2020 13:50:14 +0000
References: <20200303T122138.2914587387366102844.noreply@letsencrypt.org>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.102.2 at mail.aegee.org
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/dirj2Wcwn-ky62s-hH-1HbE3O3k>
Subject: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2020 13:51:11 -0000
Hello, on a very short notice, Let’s Encrypt revokes its certificates with the message below. This effectively means to start and complete TLSA/DANE/DNSSEC certificate rollover within 24h. Is this possible in general, when the DNS TTL on its own is 24h? Do I understand something wrong, stating that this mass revokation is just bad for DANE+SMTP? What is the right way to mass revoke certificates involved in DANE? Greetings Дилян -------- Forwarded Message -------- From: noreply@letsencrypt.org To: dilyan.palauzov@aegee.org Subject: ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4 Date: Tue, 03 Mar 2020 12:21:38 +0000 We recently discovered a bug in the Let's Encrypt certificate authority code, described here: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591 Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue. If you're not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate. Your ACME client documentation should explain how to renew. If you are using Certbot, the command to renew is: certbot renew --force-renewal If you need help, please visit our community support forum: https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864 Please search thoroughly for a solution before you post a new question. Let's Encrypt staff will help our community try to answer unresolved questions as quickly as possible. Your affected certificate(s), listed by serial number and domain names: 0323f781386c8a5bded046fccf5ee07b3cbf: bapha.be www.bapha.be 033816bfd1fe5a6c35f83cd4072ab506dd1a: lists.aegee.org www.lists.aegee.org 0362a260840e028d77559331766a3a364b04: central.aegee.org www.central.aegee.org 0374340611a873e5d3dc3c251b9b634bfade: mail.aegee.org smtp.aegee.org 03b75379536d583dbb93d9786abce25aab91: mail.aegee.org smtp.aegee.org www.mail.aegee.org 03d2e7712ab3a259c4ed71bddb5707c0f714: lists.aegee.org www.lists.aegee.org 03f571a4fdf8e3f6a24c4e2c65e3f4dc4ff3: central.aegee.org www.central.aegee.org 04c7d79ca93bafc62dd022e29c351302c5c3: mail.aegee.org smtp.aegee.org www.mail.aegee.org 031e23f0635f6ae7c89ea6cf98eeccb666c8: central.aegee.org www.central.aegee.org 0343dae9a834cd535c2dd21ba21ff3f06390: central.aegee.org www.central.aegee.org 03a654a6bef5c3c27e7cc3aec44a7f8839f4: mail.aegee.org smtp.aegee.org www.mail.aegee.org 03b485da5b0f309cbc1031cbfd47d22d9bb3: mail.aegee.org smtp.aegee.org www.mail.aegee.org 03c9ce72fe8ee3c54beb31d55e88e679ca00: bapha.be www.bapha.be 0471e83802604dda8bbece170b6bc358287d: lists.aegee.org www.lists.aegee.org 04e0b4a44836ea9e19335bb9ad1f4dafdc3d: lists.aegee.org www.lists.aegee.org If you are receiving this email in error, unsubscribe at: http://mandrillapp.com/track/unsub.php?u=30850198&id=2ae0669a7db54ba495d77e7101054508.Kpol6X3JUmCojB6o830csBoXvIA%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Ddilyan.palauzov%2540aegee.org Please note that this would also unsubscribe you from other Let's Encrypt service notices, like expiration reminders.
- [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Renew th… Дилян Палаузов
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Alessandro Vesely
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Russ Allbery
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Phil Pennock
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… John Levine
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Viktor Dukhovni
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Phil Pennock
- Re: [ietf-smtp] DANE / Fwd: ACTION REQUIRED: Rene… Viktor Dukhovni