Transitioning to Let’s Encrypt wildcard certificates

A month ago I issued a wildcard certificate for *.paranoidpenguin.net and patiently awaited the expiration of my old HPKP policy. Eventually the time to install the new key and certificate arrived, but to my great dismay, things did not turn out according to plan. Upon restarting the Apache web server, I got served with the following (epic) failure:

AH01909: www.blog.paranoidpenguin.net:443:0 server certificate does NOT include an ID which matches the server name


Let’s Encrypt goes TITSUP

Let’s Encrypt suffered a major service disruption today, leaving users unable to access various services. The cause of the problem seems to have been an update to Boulder (ACME CA), which has since been reversed.

Even though the inability to issue certificates was surely a nuisance, the biggest problem might have been an unresponsive OCSP responder.
