Outage https://meta.miraheze.org/wiki/Special:IncidentReports/31 was caused by an old, expired root certificate. However, the modern fix was relying on the UserTrust RSA Certification Authority root for our services. For some reason, that doesn't work and instead we have to rely on the AAA Certificate Services root. AAA Certificate Services is considered a legacy implementation, thus I have the feeling something is incorrectly configured when it comes to root certificates.
Description
Description
Event Timeline
Comment Actions
We're now using the ca-certificates and capath approach with web configuration. Chains are now created and regularly updated by the CA themselves, rather than us manually adding and maintaining them. CAs also maintain their own trust chains.