x509 and Let’s Encrypt
It appears that the recent 0.7.0 update for the dehydrated package on both SL7 and Ubuntu causes connection problems for some services.
In Informatics we have experienced problems with connecting to remote desktop (XRDP) services and the jabber chat service once certificates are renewed using the new dehydrated client. This is related to the change of default key algorithm from rsa to secp384r1 (as mentioned in the release notes). To resolve this issue we have issued a new stable release – 2021110801b
– which has the default reverted to rsa via the x509.le_key_algo
resource in the lcfg/defaults/x509.h
header file. It’s not yet clear if the problem only affects certain services or certain clients, further investigations are required to fully explain the source of the problems.
Recent comments