Issue with SSL Certificate (September 30 2021)

-- pentru versiunea in limba romana dati scroll in jos --

 

This document may be updated as we discover new information. If everything is going ok, don't worry, it's normal - the problem should only affect a very small minority of users.

Some clients were affected by Let's Encrypt's old root certificate expiring on September 30. To mitigate the effects, we've temporarily stopped the auto-redirect to SSL, so if you access CourierManager using the http:// version of the address, it will work. This is a temporary fix intended to last at most a few days. 

Another workaround is switching to Firefox, which is managing its own certificate chain and as such is not affected by the problem. 

Some of the affected systems will recover on their own. For example for Windows 10 there was already an update issued to fix the issue, so simply updating windows should solve the problem. 

For older systems (windows 7 or xp), manually updating the certificate chain may be necessary. The procedure to do so on windows systems is:

1. From the search bar in windows, type run, then in the run windows type certmgr.msc
2. delete the invalid certificate: DST Root CA X3
3. Download the following certificate and import them in the root store (just click on it): https://letsencrypt.org/certs/isrgrootx1.der
4. reboot the computer

For clients connecting to CourierManager via an API, you will need to update the trust store on that computer. For windows machines the instructions are the same as above. For linux (CentOS) you may try:

curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated.pem && update-ca-trust

For CentOS7: https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4

For Linux (debian, ubuntu):

curl https://curl.se/ca/cacert.pem -o /usr/local/share/ca-certificates/curl-cacert-updated.crt && update-ca-certificates

And also restart the app/framework connecting to the API.

 

 

Vom modifica acest document pe masura ce avem informatii noi. Daca totul merge ok la tine, nu te ingrijora - e normal. Doar o mica minoritate a utilizatorilor este afectata.

O mica parte din clienti au fost afectati de expirarea certificatului vechi de root al Let's Encrypt pe 30 septembrie. Pentru a limita efectele, am oprit temporar redirectarea automata catre https, deci daca aveti dificultati, pur si simplu accesati CourierManager folosind versiunea cu http a aplicatiei (ex: http://app.couriermanager.eu, sau http://app.nemoexpress.ro). Acesta este o solutie temporara pentru urmatoarele zile. 

O solutie alternativa este sa folositi Firefox, care nu are aceasta problema. 

Unele din sistemele afectate se vor repara de la sine, majoritatea printr-un update de windows. 

Pentru sistemele mai vechi (windows 7 sau xp) este posibil sa fie nevoie de un update manual al certificatelor. Procedura este urmatoarea:

1. In bara de cautare din stanga jos tastati run, apoi in fereastra noua tastati certmgr.msc
2. stergeti certificatul invalid: DST Root CA X3
3. downloadati certificatul urmator si dati click pe el: https://letsencrypt.org/certs/isrgrootx1.der
4. restartati calculatorul. 

Pentru clientii care se conecteaza la CourierManager folosind API, este nevoie sa reinnotiti certificatele de pe acea masina. Pentru windows instructiunile sunt cele de mai sus. Pentru linux (CentOS) puteti incerca:

curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated.pem && update-ca-trust

Pentru CentOS7: https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4

Pentru linux (Debian, Ubuntu):

curl https://curl.se/ca/cacert.pem -o /usr/local/share/ca-certificates/curl-cacert-updated.crt && update-ca-certificates

Si restartati programul care se conecteaza la API.