[exim] Re: exim spitting out "bad certificate" log lines

Author: Cyborg
Date:  
To: exim-users
Subject: [exim] Re: exim spitting out "bad certificate" log lines
On 13.07.23 at 16:09, Viktor Dukhovni via Exim-users wrote:
>
> If the issue is observed on the MX host for your domain, note that its
> certificate chains up to the already expired "DST Root CA X3":


Where do you see an expired cert here? Or did you mean "soon to be
reaching EOL"?
>      Certificate:
>              Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
>                  Not Before: Jan 20 19:14:03 2021 GMT
>                  Not After : Sep 30 18:14:03 2024 GMT
>              Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
>
> While most clients have a local trusted "ISRG Root X1" CA, and
> short-circuit the chain at the first locally trusted issuer, some might
> not perform the short-circuit lookup (e.g. old OpenSSL versions prior to
> 1.1.0).
>
> You should reconfigure your Let's Encrypt setup to obtain a chain that's
> rooted at the ISRG CA.  With certbot, add to the
> "renewal/<lineage>.conf" file's "renewalparams" section:
>


A good hint. We use "Dehydrated" here, and have to figure out how to do it here.



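The chain walk described in the quoted text, as an added example that is not part of the original message and is not Exim or OpenSSL code: a simplified model of a verifier that short-circuits at the first locally trusted issuer next to one that follows the served chain to its end. The `Cert` type, the `verify` function, the host name, the intermediate name "R3", the evaluation date and every date except the cross-sign's "Not After" are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data. Only the cross-sign's issuer, subject and expiry
# date come from the quoted dump; every other name and date is an assumption.
LEAF = Cert("mx.example.org", "R3", utc(2023, 9, 1))
INTERMEDIATE = Cert("R3", "ISRG Root X1", utc(2025, 9, 15))
CROSS_SIGN = Cert("ISRG Root X1", "DST Root CA X3", utc(2024, 9, 30))
LONG_CHAIN = [LEAF, INTERMEDIATE, CROSS_SIGN]   # chain that includes the cross-sign
SHORT_CHAIN = [LEAF, INTERMEDIATE]              # chain rooted at the ISRG CA
STORE = {                                       # local trust anchors (self-signed)
    "ISRG Root X1": Cert("ISRG Root X1", "ISRG Root X1", utc(2035, 6, 4)),
    "DST Root CA X3": Cert("DST Root CA X3", "DST Root CA X3", utc(2021, 9, 30)),
}
NOW = utc(2023, 7, 13)                          # assumed evaluation date

def verify(served, store, now, trusted_first):
    """Walk issuer links from the leaf (served[0]); return (ok, detail).

    trusted_first=True stops at the first issuer found in the local store.
    trusted_first=False prefers peer-supplied certificates and consults the
    store only when the served chain runs out (the no-short-circuit case).
    """
    supplied = {c.subject: c for c in served[1:]}
    cert = served[0]
    for _ in range(len(served) + 1):            # bound the walk, no loops
        if cert.not_after <= now:
            return False, f"expired certificate {cert.subject}"
        anchor, peer = store.get(cert.issuer), supplied.get(cert.issuer)
        if anchor and (trusted_first or peer is None):
            if anchor.not_after <= now:
                return False, f"expired anchor {anchor.subject}"
            return True, f"anchored at {anchor.subject}"
        if peer is None:
            return False, f"unknown issuer {cert.issuer}"
        cert = peer
    return False, "chain too long"

if __name__ == "__main__":
    for name, chain in (("long", LONG_CHAIN), ("short", SHORT_CHAIN)):
        for tf in (True, False):
            print(name, "trusted_first=%s" % tf, verify(chain, STORE, NOW, tf))
```

The model checks names and expiry dates only; it does not verify signatures or any other path constraint.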