Old key-chain still in use on api.h5p.org

serettig's picture

Hi,

 

Since Oct 1st users in the Lumi desktop app have been trouble connecting to your content type hub API at api.h5p.org. We've tracked down the cause and we believe that it might possibly also affect sites using H5P in WordPress, Moodle and Drupal or other implementations as well. So it's worth fixing this on your end (we're also deploying a fix for Lumi ASAP)

 

The cause is that api.h5p.org still includes an old root certificate from Let's Encrypt that has expired on Sept 30. You can read about this here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ The fix seems to be simple: If you run certbot (newest version) with the argument --preferred-chain="ISRG Root X1" and fully restart the server, the new key-chain will be more prominent and clients won't have issue connecting. See https://community.letsencrypt.org/t/issues-with-electron-and-expired-root/160991/19 for more details.

 

@BV52 Can you please relay this to the dev team?

 

Best

Sebastian

BV52's picture

Hi Sebastian,

Thank you for informing us. The dev team has also seen the same issue and if I'm not mistaken they have already taken steps to resolve this (not sure if it's the same as you suggested). I'll still inform them regarding your suggestion.

-BV