Will dehydrated be broken after Sep 30th, 2024? #607

Closed
opened 2025-12-29 01:27:48 +01:00 by adam · 1 comment
Owner

Originally created by @mschiff on GitHub (Jul 16, 2023).

From https://letsencrypt.org/2023/07/10/cross-sign-expiration.html:

> If you are an ACME client author, please make sure that your client correctly downloads and installs the certificate chain provided by our API during every certificate issuance, including renewals. Failure modes we have seen in the past include a) never downloading the chain at all and only serving the end-entity certificate; b) never downloading the chain and instead serving a hard-coded chain; and c) only downloading the chain at first issuance and not re-downloading during renewals. Please ensure that your client does not fall into any of these buckets.

I opened this issue so it can be verified if dehydrated will still function properly after the expiration of the cross-sign on 2024-09-30.

dehydrated is caching chains and I could not tell whether this will be a problem or not in the future by having a quick look at it...

adam closed this issue 2025-12-29 01:27:48 +01:00

@lukas2511 commented on GitHub (Jul 16, 2023):

Dehydrated does some funky stuff for the deprecated acme v1 API, walking issuer uris etc and caching by issuer name, but for v2/rfc8555 operation it always retrieves a fresh and full chain from the CA, on every renewal.
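
A check for the failure modes listed in the quoted Let's Encrypt notice, as an added example that is not part of the original thread or of dehydrated. It inspects an installed PEM bundle with the `openssl` CLI; the function names, file names and the throwaway certificates are constructed for illustration.

```sh
# Added example, not dehydrated's code. Requires the openssl CLI.
# check_fullchain FILE -> exit status:
#   0  leaf is followed by a certificate whose subject is the leaf's issuer
#   1  only the end-entity certificate is present (failure mode a)
#   2  first chain certificate is not the leaf's issuer, as with a
#      hard-coded or stale cached chain (failure modes b and c)
#   3  no certificate found in FILE
# This compares names only; it does not verify signatures.
check_fullchain() {
  local file=$1 tmp rc=0 issuer subject
  tmp=$(mktemp -d) || return 3
  # Split the bundle into cert1.pem (leaf), cert2.pem, ...
  awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
       n { print > (dir "/cert" n ".pem") }' "$file"
  if [ ! -s "$tmp/cert1.pem" ]; then rc=3
  elif [ ! -s "$tmp/cert2.pem" ]; then rc=1
  else
    issuer=$(openssl x509 -in "$tmp/cert1.pem" -noout -issuer \
               -nameopt RFC2253 | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$tmp/cert2.pem" -noout -subject \
               -nameopt RFC2253 | sed 's/^subject= *//')
    [ "$issuer" = "$subject" ] || rc=2
  fi
  rm -rf "$tmp"
  return "$rc"
}

# make_constructed_chains DIR: writes constructed sample bundles into DIR,
# using self-signed stand-in "intermediates" A and B and a leaf signed by A.
make_constructed_chains() {
  local d=$1 ca
  for ca in A B; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Constructed Intermediate $ca" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/A.pem" -CAkey "$d/A.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
  cat "$d/leaf.pem" "$d/A.pem" > "$d/fresh.pem"      # chain matches the leaf
  cat "$d/leaf.pem"            > "$d/leaf_only.pem"  # failure mode a
  cat "$d/leaf.pem" "$d/B.pem" > "$d/stale.pem"      # failure modes b and c
}
```

Run `check_fullchain` against the bundle your server actually serves after each renewal; a status of 1 or 2 means the chain was not refreshed together with the leaf.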
Reference: starred/dehydrated#607