Thread: Fwd: Heads up about TLS certificates
-------- Forwarded Message --------
| Subject: | Heads up about TLS certificates |
|---|---|
| Date: | Tue, 23 Jul 2024 16:49:52 +0200 |
| From: | Magnus Hagander <magnus@hagander.net> |
| To: | buildfarm-admins@lists.postgresql.org |
| CC: | sysadmins <sysadmins@postgresql.org> |
Hello!
The same certificate shift will happen on git.postgresql.org that also has the compatibility chain today specifically for really old buildfarm animals.
Here's a heads-up that LetsEncrypt are discontinuing the "alternative chain" they put in place back in 2021 for backwards compatibility with older clients. That means that at the next refresh of the TLS certificates for the buildfarm server, it will be automatically updated to their new issuer certificates (and in fact to an updated intermediate cert as well).
As they have discontinued the old compatibility ones, there is not much we can do about it. Hopefully all buildfarm clients are enough up to date to work out of the box with the new chain, in which case nothing needs to be done.
The same certificate shift will happen on git.postgresql.org that also has the compatibility chain today specifically for really old buildfarm animals.
We expect this shift to happen in the next couple of days or week (there's some dynamicness to it, so we don't know exactly when)
So, please keep an eye out. And if your animal does fail to communicate after this date, please reach out to us at sysadmins@postgresql.org and we'll see if we can help you figure out how to get things back up!
//Magnus
-- Andrew Dunstan EDB: https://www.enterprisedb.com