Gpg4win LetsEncrypt issue

Anze Jensterle anze at anze.dev
Thu Jan 6 15:33:10 CET 2022


That's the weird thing: I had the new root installed all this time (I
checked multiple times). Only deleting the old intermediates instead of the
root helped. Do you also check all the intermediate paths?
So the path to verify was SERVER->INTERMEDIATE(R3 signed by DST Root)->DST
ROOT, both the SERVER->INTERMEDIATE (R3 signed by ISRG Root X1)->ISRG ROOT
(cross-signed by DST), or the  SERVER->INTERMEDIATE (R3 signed by ISRG Root
X1)->ISRG ROOT (self-signed) never happened.
Best,
Anze

On Thu, Jan 6, 2022 at 3:30 PM Werner Koch <wk at gnupg.org> wrote:

> On Thu,  6 Jan 2022 12:02, Anze Jensterle said:
>
> > Any idea why? I suspect it has to do with old intermediates being
> > crosssigned as well.
>
> If you don't have the current LE root certificate the old certification
> path is tried.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220106/07ec476e/attachment.html>


More information about the Gnupg-users mailing list