davidbgk
/
larlet-fr-david-cache
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
A place to cache linked articles (think custom and personal wayback machine)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
147 Commits
1 Branch
Tree: cf1d73f4ca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cf1d73f4ca'
${ noResults }
larlet-fr-david-cache/cache/2021/372cdbf3dc67c7796673bec4aae.../index.html

index.html 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. <!doctype html><!-- This is a valid HTML5 document. -->

  2. <!-- Screen readers, SEO, extensions and so on. -->

  3. <html lang="fr">

  4. <!-- Has to be within the first 1024 bytes, hence before the <title>

  5.   See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->

  6. <meta charset="utf-8">

  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->

  8. <!-- The viewport meta is quite crowded and we are responsible for that.

  9.   See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->

  10. <meta name="viewport" content="width=device-width,initial-scale=1">

  11. <!-- Required to make a valid HTML5 document. -->

  12. <title>DST Root CA X3 Expiration (September 2021) (archive) — David Larlet</title>

  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">

  14. <!-- That good ol' feed, subscribe :). -->

  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">

  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->

  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">

  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">

  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">

  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">

  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">

  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">

  23. <meta name="msapplication-TileColor" content="#f0f0ea">

  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">

  25. <meta name="theme-color" content="#f0f0ea">

  26. <!-- Documented, feel free to shoot an email. -->

  27. <link rel="stylesheet" href="/static/david/css/style_2021-01-20.css">

  28. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->

  29. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>

  30. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>

  31. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>

  32. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>

  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>

  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>

  35. <script>

  36.     function toggleTheme(themeName) {

  37.         document.documentElement.classList.toggle(

  38.             'forced-dark',

  39.             themeName === 'dark'

  40.         )

  41.         document.documentElement.classList.toggle(

  42.             'forced-light',

  43.             themeName === 'light'

  44.         )

  45.     }

  46.     const selectedTheme = localStorage.getItem('theme')

  47.     if (selectedTheme !== 'undefined') {

  48.         toggleTheme(selectedTheme)

  49.     }

  50. </script>

  51. 

  52.   <meta name="robots" content="noindex, nofollow">

  53.   <meta content="origin-when-cross-origin" name="referrer">

  54.   <!-- Canonical URL for SEO purposes -->

  55.   <link rel="canonical" href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/">

  56. 

  57. <body class="remarkdown h1-underline h2-underline h3-underline em-underscore hr-center ul-star pre-tick">

  58. 

  59. <article>

  60.   <header>

  61.     <h1>DST Root CA X3 Expiration (September 2021)</h1>

  62.   </header>

  63.   <nav>

  64.     <p class="center">

  65.       <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">

  66.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-home"></use>

  67.       </svg> Accueil</a> •

  68.       <a href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/" title="Lien vers le contenu original">Source originale</a>

  69.     </p>

  70.   </nav>

  71.   <hr>

  72.   <p>On September 30 2021, there will be a small change in how older browsers and devices

  73. trust Let’s Encrypt certificates. If you run a typical website, you won’t notice

  74. a difference - the vast majority of your visitors will still accept your Let’s

  75. Encrypt certificate. If you provide an API or have to support IoT devices, you

  76. might have to pay a little more attention to the change.</p>

  77. 

  78. <p>Let’s Encrypt has a “<a href="https://letsencrypt.org/docs/glossary/#def-root">root certificate</a>” called <a href="https://letsencrypt.org/certificates/" hreflang="en-US">ISRG Root X1</a>. Modern browsers and

  79. devices trust the Let’s Encrypt certificate installed on your website because

  80. they include ISRG Root X1 in their list of root certificates. To make sure the

  81. certificates we issue are trusted on older devices, we also have a

  82. “cross-signature” from an older root certificate: DST Root CA X3.</p>

  83. 

  84. <p>When we got started, that older root certificate (DST Root CA X3) helped us get

  85. off the ground and be trusted by almost every device immediately. The newer root

  86. certificate (ISRG Root X1) is now widely trusted too - but some older devices

  87. won’t ever trust it because they don’t get software updates (for example, an

  88. iPhone 4 or an HTC Dream). <a href="https://letsencrypt.org/docs/certificate-compatibility/" hreflang="en-US">Click here for a list of which platforms trust ISRG

  89. Root X1</a>.</p>

  90. 

  91. <p>DST Root CA X3 will expire on September 30, 2021. That means those older devices

  92. that don’t trust ISRG Root X1 will start getting certificate warnings when

  93. visiting sites that use Let’s Encrypt certificates. There’s one important

  94. exception: older Android devices that don’t trust ISRG Root X1 will continue to

  95. work with Let’s Encrypt, <a href="https://letsencrypt.org/2020/12/21/extending-android-compatibility.html">thanks to a special cross-sign from DST Root CA X3</a>

  96. that extends past that root’s expiration. This exception only works for Android.</p>

  97. 

  98. <p>What should you do? For most people, nothing at all! We’ve set up our

  99. certificate issuance so your web site will do the right thing in most cases,

  100. favoring broad compatibility. If you provide an API or have to support IoT

  101. devices, you’ll need to make sure of two things: (1) all clients of your API

  102. must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your

  103. API are using OpenSSL, <a href="https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816">they must use version 1.1.0 or later</a>. In OpenSSL

  104. 1.0.x, a quirk in certificate verification means that even clients that trust

  105. ISRG Root X1 will fail when presented with the Android-compatible certificate

  106. chain we are recommending by default.</p>

  107. 

  108. <p>If you have any questions about the upcoming expiration,

  109. <a href="https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190">please post to this thread on our forum.</a></p>

  110. </article>

  111. 

  112. 

  113. <hr>

  114. 

  115. <footer>

  116.   <p>

  117.     <a href="/david/" title="Aller à l’accueil"><svg class="icon icon-home">

  118.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-home"></use>

  119.       </svg> Accueil</a> •

  120.     <a href="/david/log/" title="Accès au flux RSS"><svg class="icon icon-rss2">

  121.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-rss2"></use>

  122.       </svg> RSS</a> •

  123.     <a href="http://larlet.com" title="Go to my English profile" data-instant><svg class="icon icon-user-tie">

  124.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-user-tie"></use>

  125.       </svg> Pro</a> •

  126.     <a href="mailto:david%40larlet.fr" title="Envoyer un courriel"><svg class="icon icon-mail">

  127.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-mail"></use>

  128.       </svg> Email</a> •

  129.     <abbr class="nowrap" title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340"><svg class="icon icon-hammer2">

  130.         <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-hammer2"></use>

  131.       </svg> Légal</abbr>

  132.   </p>

  133.   <template id="theme-selector">

  134.       <form>

  135.           <fieldset>

  136.               <legend><svg class="icon icon-brightness-contrast">

  137.                 <use xlink:href="/static/david/icons2/symbol-defs.svg#icon-brightness-contrast"></use>

  138.               </svg> Thème</legend>

  139.               <label>

  140.                   <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto

  141.               </label>

  142.               <label>

  143.                   <input type="radio" value="dark" name="chosen-color-scheme"> Foncé

  144.               </label>

  145.               <label>

  146.                   <input type="radio" value="light" name="chosen-color-scheme"> Clair

  147.               </label>

  148.           </fieldset>

  149.       </form>

  150.   </template>

  151. </footer>

  152. <script>

  153.     function loadThemeForm(templateName) {

  154.         const themeSelectorTemplate = document.querySelector(templateName)

  155.         const form = themeSelectorTemplate.content.firstElementChild

  156.         themeSelectorTemplate.replaceWith(form)

  157. 

  158.         form.addEventListener('change', (e) => {

  159.             const chosenColorScheme = e.target.value

  160.             localStorage.setItem('theme', chosenColorScheme)

  161.             toggleTheme(chosenColorScheme)

  162.         })

  163. 

  164.         const selectedTheme = localStorage.getItem('theme')

  165.         if (selectedTheme && selectedTheme !== 'undefined') {

  166.             form.querySelector(`[value="${selectedTheme}"]`).checked = true

  167.         }

  168.     }

  169. 

  170.     const prefersColorSchemeDark = '(prefers-color-scheme: dark)'

  171.     window.addEventListener('load', () => {

  172.         let hasDarkRules = false

  173.         for (const styleSheet of Array.from(document.styleSheets)) {

  174.             let mediaRules = []

  175.             for (const cssRule of styleSheet.cssRules) {

  176.                 if (cssRule.type !== CSSRule.MEDIA_RULE) {

  177.                     continue

  178.                 }

  179.                 // WARNING: Safari does not have/supports `conditionText`.

  180.                 if (cssRule.conditionText) {

  181.                     if (cssRule.conditionText !== prefersColorSchemeDark) {

  182.                         continue

  183.                     }

  184.                 } else {

  185.                     if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {

  186.                         continue

  187.                     }

  188.                 }

  189.                 mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))

  190.             }

  191. 

  192.             // WARNING: do not try to insert a Rule to a styleSheet you are

  193.             // currently iterating on, otherwise the browser will be stuck

  194.             // in a infinite loop…

  195.             for (const mediaRule of mediaRules) {

  196.                 styleSheet.insertRule(mediaRule.cssText)

  197.                 hasDarkRules = true

  198.             }

  199.         }

  200.         if (hasDarkRules) {

  201.             loadThemeForm('#theme-selector')

  202.         }

  203.     })

  204. </script>

  205. </body>

  206. </html>