Sections in this article
- Let’s Encrypt root certificate expired on September 30, 2021
- Verifying that a task sync failure is due to an expired Let’s Encrypt root certificate
- Solution: Replace expired DST root certficate with current ISRG Root X1
Let’s Encrypt root certificate expired on September 30, 2021
Let’s Encrypt is a nonprofit certificate authority that provides TLS certificates powering much of the secure web. WingTask taskserver uses Let’s Encrypt for the TLS certificates, on September 30, 2021 the DST Root CA X3 certificate for Let’s Encrypt expired. This impacts WingTask users who try to sync with the expired CA root which was given to all users prior to October 13th, 2021 as part of the wingtask certificates and is file ‘dst.pem’.
.taskrc config is configured to use the expired root cert (dst.pem):
Verifying that a task sync failure is due to an expired Let’s Encrypt root certificate
This issue will affect WingTask users who signed up before October 1st, 2021 and not users after October 1st, 2021. The issue is first noticed when attempting to sync.
Running task sync with diagnostic arguments can provide a more specific reason for the sync failure.
$ task rc.debug=1 rc.debug.tls=2 sync
Solution: Replace expired DST root certficate with current ISRG Root X1
- Download new root certificate ISRG Root X1 More info on ISRG ROOT X1
- Move isrg_root_x1.pem to your wingtask_certs dir located at ~/.wingtask_certs
- Configure taskd to use isrg_root_x1.pem as the new taskd.ca setting
- Sync should now be working
$ task config taskd.ca "~/.wingtask_certs/isrg_root_x1.pem" Config file /home/timcase/.taskrc modified.
$ task sync