Let's Encrypt certificate expiry
On October 1st 2021 the old Let’s Encrypt root certificate will expire, and as such HTTPS connections secured by that certificate will not work anymore.
This change impacts many platforms - see https://letsencrypt.org/docs/certificate-compatibility/ - including CentOS 7 and Java.
This is likely to affect you, because:
- Most Asterisk distros (e.g. FreePBX, Issabel, Ombutel and many more) are based on CentOS;
- Let’s Encrypt is possibly the largest certificate authority, so it is very likely that your server(s) make connections to systems secured by Let’s Encrypt;
- We use Let’s Encrypt on our license validation servers;
- As QueueMetrics and WombatDialer can be automatically installed on CentOS systems, most production systems are based on CentOS.
What to do about it
If you run a system based on CentOS 7, you need to update its certificates by issuing (as root
):
yum update ca-certificates
This command will update the system’s trusted certificates.
You need to have at least version 2021.2.50
(that was unfortunately released just a few days ago).
If you run a system based on an older version, like CentOS 6 or even CentOS 5, you may do a manual patch of the certificates, but it’s really time to update.
If you run on a system based on Debian or other Linux OS, please check with your distribution to make sure certificates are updated.
You will also need to make sure that your version of the Java JDK is supported; you need to have at least JDK 8 update 101 (that was released in July 2016, so it’s very likely that it’s already present).
To check whether it is okay, you can look at the item called Java Runtime on QueueMetrics’ license page, or from a shell just run:
# yum list installed | grep openjdk
java-1.8.0-openjdk.x86_64 1:1.8.0.272.b10-1.el7_9 @updates
java-1.8.0-openjdk-devel.x86_64 1:1.8.0.272.b10-1.el7_9 @updates
java-1.8.0-openjdk-headless.x86_64 1:1.8.0.272.b10-1.el7_9 @updates
In the example above, the release is 272
, so it is good enough. If you want to update it, just run:
yum update -y java-1.8.0-openjdk-devel
And restart.
You should upgrade the JDK every once in a while, at least to make sure that the tzdata
database that handles daylight saving times is updated.
We can help
While updating is easy, we understand if this is not your piece of cake.
Our Remote Support services can definitely help in making sure everything is in order or perform upgrades when necessary.