Am Dienstag, 18. Juli 2017, 01:52:53 CEST schrieb Reimar Döffinger:
> On 18.07.2017, at 00:59, James Almer <jamr...@gmail.com> wrote:
>
> > On 7/17/2017 7:49 PM, Moritz Barsnick wrote:
> >> On Mon, Jul 10, 2017 at 13:53:02 +0300, Boris Pek wrote:
> >>> Latest news about this topic:
> >>> https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/FKXe-76GO8Y
> >>
> >> Ah, thanks, I neglected to report this, because I thought it was an
> >> issue with my Opera Developer (48), which uses the Chrome engine. Opera
> >> (like Chrome) recently reports ffmpeg.org's certificate as revoked, but
> >> I found no tool which could verify this...
> >
> > The cert is by StartCom. Afaik everyone blacklisted certs issued by them
> > after a certain date, and now some, like Google, are also blacklisting
> > certs issued before that date as well.
> > Mozilla hasn't done the latter yet, so Firefox doesn't complain about
> > it, but i guess a new cert is overdue.
>
> New certs are already being generated, but nobody had the time to do the
> transition, there is a risk of the automation failing
> (I think the web server needs to be made to reload the certificate, which is
> problematic as an ordinary user and there is no way I'd ever run any of that
> letsencrypt stuff as root),
This seems to work as cronjob:
```
#!/bin/sh
su -c "certbot renew 2>/dev/null | grep 'No renewals' >/dev/null" letsencrypt
-s /bin/bash
if [ $? -eq 1 ]; then
service nginx reload
fi
```
Gerion
> it is also a step backwards as the letsencrypt one is a domain-only
> certificate, and due to TLS's idiotic design decisions it's not possible to
> just deliver both certificates...
> Thus the current situation.
> Lack of time for proper testing being the biggest issue though...
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
