Hello everyone,
dear developers of TinyCP,
we have been observing an interesting problem for a few days when issuing certificates via TinyCP with Lets Encrypt.
As can be seen at https://letsencrypt.org/certificates/, the certificate chain at Let's Encrypt has changed.
In particular, new intermediate certificates (R10, R11) for RSA have been added, replacing their predecessors R3, R4.
If a certificate from TinyCP has been extended or reissued since June 6th, the certificates are no longer valid.
After an extensive error analysis, it turned out that the new certificate chain is not used completely when it is created and the intermediate certificate R3 is still used.
If you manually swap the old R3 for the current R10 intermediate certificate in the SSL folder of the domain in which the certificate (freshly created or extended) is located, the chain is complete again and the certificate is valid.
Whenever TinyCP renews or extends the certificate, the outdated R3 intermediate certificate is used again, although the R10 or R11 certificate should actually be included as standard.
dear developers of TinyCP,
we have been observing an interesting problem for a few days when issuing certificates via TinyCP with Lets Encrypt.
As can be seen at https://letsencrypt.org/certificates/, the certificate chain at Let's Encrypt has changed.
In particular, new intermediate certificates (R10, R11) for RSA have been added, replacing their predecessors R3, R4.
If a certificate from TinyCP has been extended or reissued since June 6th, the certificates are no longer valid.
After an extensive error analysis, it turned out that the new certificate chain is not used completely when it is created and the intermediate certificate R3 is still used.
If you manually swap the old R3 for the current R10 intermediate certificate in the SSL folder of the domain in which the certificate (freshly created or extended) is located, the chain is complete again and the certificate is valid.
Whenever TinyCP renews or extends the certificate, the outdated R3 intermediate certificate is used again, although the R10 or R11 certificate should actually be included as standard.