[{"data":1,"prerenderedAt":74},["ShallowReactive",2],{"zh-cn:CommonContent:/news/2021-09-27-lets-encrypt-cert-expire":3},{"id":4,"title":5,"body":6,"categories":63,"date":65,"description":12,"extension":66,"home":67,"important":68,"meta":69,"navigation":68,"path":70,"seo":71,"stem":72,"__hash__":73},"zhCN/news/2021-09-27-lets-encrypt-cert-expire.md","有关 Let's Encrypt 主要根证书迁移的注意事项",{"type":7,"value":8,"toc":60},"minimark",[9,13,21,30,40,43,54,57],[10,11,12],"p",{},"由于 Let's Encrypt 先前的主要根证书 DST Root CA X3 将于 2021 年 9 月 30 日过期，Let's Encrypt 在更换根证书后采取了一系列补救措施，以避免老设备和系统无法正常访问由新证书保护的站点。",[10,14,15,16,20],{},"而由于其中一个措施导致使用旧版 OpenSSL 和 GnuTLS 库的应用无法连接任何受 Let's Encrypt 保护的站点，AOSC OS 被迫通过 ",[17,18,19],"code",{},"ca-certs"," 20210907 更新禁用 DST Root CA X3 根证书来避免这一状况发生。",[10,22,23,24,26,27,29],{},"尽管 DST Root CA X3 在本月末前仍然有效，如果更新了 ",[17,25,19],{},"，你可能无法访问仅由其保护的站。这样的站点非常少见，但如果你不幸遇上这样的站点，可以使用如下命令手动回滚 ",[17,28,19],{}," 至 20201201-1 来暂时恢复访问：",[31,32,37],"pre",{"className":33,"code":35,"language":36},[34],"language-text","sudo apt install ca-certs=20211201-1\n","text",[17,38,35],{"__ignoreMap":39},"",[10,41,42],{},"该预警将于 2021 年 9 月 30 日失效，届时你可放心升级至新版。",[10,44,45,46,53],{},"欲知更多详情及讨论，请参阅 ",[47,48,52],"a",{"href":49,"rel":50},"https://github.com/AOSC-Dev/aosc-os-abbs/discussions/3473",[51],"nofollow","aosc-os-abbs #3473"," 。",[55,56],"hr",{},[10,58,59],{},"— Kexy Biscuit, Zixing Liu",{"title":39,"searchDepth":61,"depth":61,"links":62},2,[],[64],"advisories","2021-09-27T16:54:24.000Z","md",false,true,{},"/news/2021-09-27-lets-encrypt-cert-expire",{"title":5,"description":12},"news/2021-09-27-lets-encrypt-cert-expire","jZQTRkj4zCm74G_0hYHomQlOmNzXBbeqYxAP4xuoi9Y",1773742826542]