A place to cache linked articles (think custom and personal wayback machine)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
преди 3 години
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. <!doctype html><!-- This is a valid HTML5 document. -->
  2. <!-- Screen readers, SEO, extensions and so on. -->
  3. <html lang="fr">
  4. <!-- Has to be within the first 1024 bytes, hence before the `title` element
  5. See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
  6. <meta charset="utf-8">
  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
  8. <!-- The viewport meta is quite crowded and we are responsible for that.
  9. See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
  10. <meta name="viewport" content="width=device-width,initial-scale=1">
  11. <!-- Required to make a valid HTML5 document. -->
  12. <title>DST Root CA X3 Expiration (September 2021) (archive) — David Larlet</title>
  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">
  14. <!-- That good ol' feed, subscribe :). -->
  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">
  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
  23. <meta name="msapplication-TileColor" content="#f7f7f7">
  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
  25. <meta name="theme-color" content="#f7f7f7" media="(prefers-color-scheme: light)">
  26. <meta name="theme-color" content="#272727" media="(prefers-color-scheme: dark)">
  27. <!-- Documented, feel free to shoot an email. -->
  28. <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">
  29. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
  30. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  31. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  32. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  35. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  36. <script>
  37. function toggleTheme(themeName) {
  38. document.documentElement.classList.toggle(
  39. 'forced-dark',
  40. themeName === 'dark'
  41. )
  42. document.documentElement.classList.toggle(
  43. 'forced-light',
  44. themeName === 'light'
  45. )
  46. }
  47. const selectedTheme = localStorage.getItem('theme')
  48. if (selectedTheme !== 'undefined') {
  49. toggleTheme(selectedTheme)
  50. }
  51. </script>
  52. <meta name="robots" content="noindex, nofollow">
  53. <meta content="origin-when-cross-origin" name="referrer">
  54. <!-- Canonical URL for SEO purposes -->
  55. <link rel="canonical" href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/">
  56. <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick" data-instant-intensity="viewport-all">
  57. <article>
  58. <header>
  59. <h1>DST Root CA X3 Expiration (September 2021)</h1>
  60. </header>
  61. <nav>
  62. <p class="center">
  63. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  64. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  65. </svg> Accueil</a> •
  66. <a href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/" title="Lien vers le contenu original">Source originale</a>
  67. </p>
  68. </nav>
  69. <hr>
  70. <p>On September 30 2021, there will be a small change in how older browsers and devices
  71. trust Let’s Encrypt certificates. If you run a typical website, you won’t notice
  72. a difference - the vast majority of your visitors will still accept your Let’s
  73. Encrypt certificate. If you provide an API or have to support IoT devices, you
  74. might have to pay a little more attention to the change.</p>
  75. <p>Let’s Encrypt has a “<a href="https://letsencrypt.org/docs/glossary/#def-root">root certificate</a>” called <a href="https://letsencrypt.org/certificates/" hreflang="en-US">ISRG Root X1</a>. Modern browsers and
  76. devices trust the Let’s Encrypt certificate installed on your website because
  77. they include ISRG Root X1 in their list of root certificates. To make sure the
  78. certificates we issue are trusted on older devices, we also have a
  79. “cross-signature” from an older root certificate: DST Root CA X3.</p>
  80. <p>When we got started, that older root certificate (DST Root CA X3) helped us get
  81. off the ground and be trusted by almost every device immediately. The newer root
  82. certificate (ISRG Root X1) is now widely trusted too - but some older devices
  83. won’t ever trust it because they don’t get software updates (for example, an
  84. iPhone 4 or an HTC Dream). <a href="https://letsencrypt.org/docs/certificate-compatibility/" hreflang="en-US">Click here for a list of which platforms trust ISRG
  85. Root X1</a>.</p>
  86. <p>DST Root CA X3 will expire on September 30, 2021. That means those older devices
  87. that don’t trust ISRG Root X1 will start getting certificate warnings when
  88. visiting sites that use Let’s Encrypt certificates. There’s one important
  89. exception: older Android devices that don’t trust ISRG Root X1 will continue to
  90. work with Let’s Encrypt, <a href="https://letsencrypt.org/2020/12/21/extending-android-compatibility.html">thanks to a special cross-sign from DST Root CA X3</a>
  91. that extends past that root’s expiration. This exception only works for Android.</p>
  92. <p>What should you do? For most people, nothing at all! We’ve set up our
  93. certificate issuance so your web site will do the right thing in most cases,
  94. favoring broad compatibility. If you provide an API or have to support IoT
  95. devices, you’ll need to make sure of two things: (1) all clients of your API
  96. must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your
  97. API are using OpenSSL, <a href="https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816">they must use version 1.1.0 or later</a>. In OpenSSL
  98. 1.0.x, a quirk in certificate verification means that even clients that trust
  99. ISRG Root X1 will fail when presented with the Android-compatible certificate
  100. chain we are recommending by default.</p>
  101. <p>If you have any questions about the upcoming expiration,
  102. <a href="https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190">please post to this thread on our forum.</a></p>
  103. </article>
  104. <hr>
  105. <footer>
  106. <p>
  107. <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">
  108. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-home"></use>
  109. </svg> Accueil</a> •
  110. <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">
  111. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-rss2"></use>
  112. </svg> Suivre</a> •
  113. <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">
  114. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-user-tie"></use>
  115. </svg> Pro</a> •
  116. <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">
  117. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-mail"></use>
  118. </svg> Email</a> •
  119. <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">
  120. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-hammer2"></use>
  121. </svg> Légal</abbr>
  122. </p>
  123. <template id="theme-selector">
  124. <form>
  125. <fieldset>
  126. <legend><svg class="icon icon-brightness-contrast">
  127. <use xlink:href="/static/david/icons2/symbol-defs-2021-12.svg#icon-brightness-contrast"></use>
  128. </svg> Thème</legend>
  129. <label>
  130. <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
  131. </label>
  132. <label>
  133. <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
  134. </label>
  135. <label>
  136. <input type="radio" value="light" name="chosen-color-scheme"> Clair
  137. </label>
  138. </fieldset>
  139. </form>
  140. </template>
  141. </footer>
  142. <script src="/static/david/js/instantpage-5.1.0.min.js" type="module"></script>
  143. <script>
  144. function loadThemeForm(templateName) {
  145. const themeSelectorTemplate = document.querySelector(templateName)
  146. const form = themeSelectorTemplate.content.firstElementChild
  147. themeSelectorTemplate.replaceWith(form)
  148. form.addEventListener('change', (e) => {
  149. const chosenColorScheme = e.target.value
  150. localStorage.setItem('theme', chosenColorScheme)
  151. toggleTheme(chosenColorScheme)
  152. })
  153. const selectedTheme = localStorage.getItem('theme')
  154. if (selectedTheme && selectedTheme !== 'undefined') {
  155. form.querySelector(`[value="${selectedTheme}"]`).checked = true
  156. }
  157. }
  158. const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
  159. window.addEventListener('load', () => {
  160. let hasDarkRules = false
  161. for (const styleSheet of Array.from(document.styleSheets)) {
  162. let mediaRules = []
  163. for (const cssRule of styleSheet.cssRules) {
  164. if (cssRule.type !== CSSRule.MEDIA_RULE) {
  165. continue
  166. }
  167. // WARNING: Safari does not have/supports `conditionText`.
  168. if (cssRule.conditionText) {
  169. if (cssRule.conditionText !== prefersColorSchemeDark) {
  170. continue
  171. }
  172. } else {
  173. if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {
  174. continue
  175. }
  176. }
  177. mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
  178. }
  179. // WARNING: do not try to insert a Rule to a styleSheet you are
  180. // currently iterating on, otherwise the browser will be stuck
  181. // in a infinite loop…
  182. for (const mediaRule of mediaRules) {
  183. styleSheet.insertRule(mediaRule.cssText)
  184. hasDarkRules = true
  185. }
  186. }
  187. if (hasDarkRules) {
  188. loadThemeForm('#theme-selector')
  189. }
  190. })
  191. </script>
  192. </body>
  193. </html>