Charlie StrossOct 17
New blog entry: The Pivot: https://www.antipope.org/charlie/blog-static/2025/10/the-pivot-1.html
Show threadTerence EdenOct 17
@cstross
FYI your website is blocked by the British Library's WiFi.
Doesn't seem to be blocking other Let's Encrypt certificates.
Show threadgwireOct 17
@Edent @cstross Oh, I think the site has bundled the intermediate cert R3 (which expired last month) instead of R13.
Show threadCharlie StrossOct 17
@gwire @Edent There was a borked scripted update last month (which got fixed): it may not have worked its way through yet.
Show threadgwire
@cstross @Edent I'd make a guess that you have an apache configuration with "SSLCertificateChainFile" that's pointing to an out-of-date file.
Oct 17 at 3:43pmIvory for Mac
Show threadCharlie StrossOct 17
@gwire @Edent Cert is valid according to Chrome locally here—I reckon you may have a caching problem somewhere betwen here and the BL.
Show threadgwireOct 17

@cstross @Edent Chrome is a bad diagnostic for this - it's something that browsers don't care about, but other network equipment might.

Your cert is fine, but your webserver is also sending intermediate certs that have expired. See the "NotAfter:" dates:

https://gist.github.com/gwire/4feba9e5e09daff5efb7fbd0e60fbf11

TLS for www.antipope.org

TLS for www.antipope.org. GitHub Gist: instantly share code, notes, and snippets.

Gist