Aral Balkan@s1r83r @stefan Thanks for the heads up, folks.
So, here’s what’s happened:
1. Let’s Encrypt removed OCSP support and starting rejecting certificate requests that require OCSP stapling (a privacy feature that Kitten inherited from my Auto Encrypt module) for new server requests and will reject certificate renewal requests starting in May.
2. So I went ahead and removed the OCSP stapling requirement from the certificate requests Auto Encrypt makes to Let’s Encrypt.
3. I also removed OCSP support from the server.
Makes sense, right?
Sure does, until you consider what happens to servers with already-provisioned Let’s Encrypt certificates that have certificates that require OCSP stapling. (kitten.small-web.org’s certificate got renewed four days ago, before I’d released the updates.)
*Doh!* 🤦♂️
Seems Safari and Chrom(ium) are fine with letting it pass. However, Firefox, (and correctly too, I might add), refuses to load the site.
So I’m off to update Auto Encrypt to re-enable OCSP support with a note to disable it in May (by which time all certificates will have renewed anyway without the stapling requirement) and then issue new builds of @small-web/https and Kitten.
Kitten servers should automatically upgrade and start working in Firefox in several hours. And you can also manually update them if you want to before then after I’ve announced the releases.
Thanks again for letting me know.
:kitten:💕
#Kitten #SmallWeb #AutoEncrypt #LetsEncrypt #TLS #SSL #HTTPS #OCSP
All GNU social JP content and data are available under the