Lemmy 0.13.0 invalidated all authentication tokens meaning your current account will cause infinite spinners in lemmur. This has showed us that we should improve invalid auth handling, hence I have created a report for that: https://github.com/LemmurOrg/lemmur/issues/265
That’s all very well, but removing my account from lemmur (i.e. all the data) and then trying to log back in again results in:
HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: certificate has expired(handshake.cc:359))
Could be related to the LetsEncrypt DST Root CA X3 expiry?
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
I don’t know. I can log in and use the web interface on the same device, so it’s specific to lemmur.
I see from your linked article that “older Android devices that don’t trust ISRG Root X1 will continue to work with Let’s Encrypt, thanks to a special cross-sign from DST Root CA X3 that extends past that root’s expiration.” So although I have an “older Android device” that I won’t allow to update due to the manufacturer’s “privacy” policy, it appears it should work, and indeed does in the browsers I’ve tested. As I say, it’s just Lemmur that’s not playing.
Do you see Internet Security Research Group under Settings > Security > Encryption & credentials > Trusted credentials in the System category?
If you do, do you see ISRC Root X1 or any other? If you don’t, are you able to import it manually?
https://letsencrypt.org/certificates/
It isn’t, and I can’t install it. The process seems to go okay using .pem file but there’s no sign of it afterwards in the list and Lemmr still doesn’t work.
Hmm, maybe the Lemmur dev could work around the issue by embedding the ISRC root certs for older devices.
https://www.danieldent.com/blog/android-apps-lets-encrypt-dst-root-expiry/
deleted by creator