Apparently, Let's Encrypt changed their CDN provider from Akamai to Cloudflare in order to be able to terminate TLS sessions in their own infrastructure. This seems to have exposed a couple of client errors with case handling in HTTP requests and headers that were previously hidden by CDN magic, see issues attached to community.letsencrypt.org/t/ne
Old versions of Dehydrated and acme.sh seem to be affected, in particular (and cPanel).

#letsencrypt


@galaxis Note that it was fixed in dehydrated *before* but not always deployed github.com/lukas2511/dehydrate

"JWS has no anti-replay nonce"

@bortzmeyer Thanks for pointing to that L'E change in your previous post - I'm almost certain to run into trouble with this in some of my special installations of very old software...

(They also hinted at planning to tighten down their cipher suite selection, which is probably going to pose a host of new problems...)
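
An added example, not part of the thread and not code from dehydrated or acme.sh: a shell sketch of the failure mode discussed above, assuming the client reads the ACME `Replay-Nonce` response header (RFC 8555) with an exact-case match. The sample responses, the nonce value and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample responses (not captured traffic). Same header, once with
# a mixed-case name and once with the lowercase name HTTP/2 delivers.
sample_mixed() { printf 'HTTP/1.1 200 OK\r\nCache-Control: no-store\r\nReplay-Nonce: constructedNonce123\r\n\r\n'; }
sample_lower() { printf 'HTTP/2 200\r\ncache-control: no-store\r\nreplay-nonce: constructedNonce123\r\n\r\n'; }

# Fragile: exact-case match on the header name (hypothetical old-client logic).
nonce_case_sensitive() {
  grep '^Replay-Nonce: ' | cut -d' ' -f2 | tr -d '\r\n'
}

# Robust: HTTP header names are case-insensitive, so lowercase the name before
# comparing, allow optional whitespace around the value, and strip the CR.
nonce_case_insensitive() {
  awk '{
    sub(/\r$/, "")
    i = index($0, ":")
    if (i == 0) next
    if (tolower(substr($0, 1, i - 1)) == "replay-nonce") {
      val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      print val
      exit
    }
  }'
}

# Fail closed: stop with a clear local error instead of signing a request
# without a nonce. RFC 8555 requires the value to be base64url and tells
# clients to ignore invalid values.
get_nonce() {
  n=$(nonce_case_insensitive)
  case "$n" in
    ''|*[!A-Za-z0-9_-]*)
      echo 'no valid Replay-Nonce header in response' >&2
      return 1 ;;
  esac
  printf '%s' "$n"
}

printf 'case-sensitive, lowercase headers:   [%s]\n' "$(sample_lower | nonce_case_sensitive)"
printf 'case-insensitive, lowercase headers: [%s]\n' "$(sample_lower | get_nonce)"
```

With the exact-case parser the nonce comes back empty on the lowercase response, which is the condition under which a client would go on to submit a JWS without a nonce.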
