Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1sWH5e-00EDnn-9b
	for buildfarm-members@arkaria.postgresql.org; Tue, 23 Jul 2024 15:06:10 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1sWH5b-00EQfZ-Pk
	for buildfarm-members@arkaria.postgresql.org; Tue, 23 Jul 2024 15:06:08 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <andrew@dunslane.net>)
	id 1sWH5b-00EQdi-Cc
	for buildfarm-members@lists.postgresql.org; Tue, 23 Jul 2024 15:06:08 +0000
Received: from mail-yw1-x112e.google.com ([2607:f8b0:4864:20::112e])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <andrew@dunslane.net>)
	id 1sWH5U-0014hk-8w
	for buildfarm-members@postgresql.org; Tue, 23 Jul 2024 15:06:06 +0000
Received: by mail-yw1-x112e.google.com with SMTP id
 00721157ae682-66493332ebfso49939977b3.3
        for <buildfarm-members@postgresql.org>;
 Tue, 23 Jul 2024 08:05:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=dunslane-net.20230601.gappssmtp.com; s=20230601; t=1721747157;
 x=1722351957; darn=postgresql.org;
        h=in-reply-to:autocrypt:to:content-language:from:references:subject
         :user-agent:mime-version:date:message-id:from:to:cc:subject:date
         :message-id:reply-to;
        bh=a3+i/4LE82yd8ofwjkMXtEblAD6uwG2OY/QNwHm2hAU=;
        b=jJT24daMSEOfmF2z0pL0R1d1TH9OJIpwOlOOjuU8AYSW7DR/DyHuXLwFEFR21i/XTt
         CCWLku2NZ8GUez0mvm0Qvvfw4gE6PDXCl0ZL+LTgleqSVarjooxitzEooXJcFAgRDrqA
         MtMCEXXQK0JC10diTKKOKf25dZVAeXr3ytrRPynK3MfKVuyK6a+4D+juwp14J0TiRwo5
         dy8/rz6qYrJv958yrrA6eAAKySxIfuL5Ez0KICUnJnK1DYNHSLHcC7HlijGgZ3bX6PwG
         O9GJVJs0zApuk/+Isy20k0ZkeNNxOs4LcXn5HsCxNgVwnRcqW5pBVzHajMbnPzPTyU6n
         ukCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1721747157; x=1722351957;
        h=in-reply-to:autocrypt:to:content-language:from:references:subject
         :user-agent:mime-version:date:message-id:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=a3+i/4LE82yd8ofwjkMXtEblAD6uwG2OY/QNwHm2hAU=;
        b=JtzLGB506vHaqwq0MOhF5yzqJVjfATaUGxisduQNwKi0fNVFbpuCi6/t3Rhr/gRpNW
         i17EV5BNEd/8/oeLC4RIE0Zlu7AXLcG7rSGm87JE6p/XTkIx4osfT3GkJ/QgQFvU5cmg
         VW44eiBizIpYzdc7ZQVG4uAOQjyjZHhMkb/MNoYaYdBp96UEGQcLsqGufNKixsKSDWaj
         mR1+6cMxmtgrzlDPpaNf5qSvPucVciSO5fZsy6770/HF4ur3U84V9ptTPbNCcgLNS0RN
         T0ATkdfCfL8dcx3NOOspzM+jwDJZfdFHLwP9Ai/ulKFJrsrgAvrbXPysi5Lxw/nWcut6
         QD7w==
X-Gm-Message-State: AOJu0YzA2TMyX91mxTyF7tFeWvW/EJnyEE4w0IG/9iEE5JdwFpy1XLUJ
	gQrWT7j7tPTpLTp2UfGUexBcAaoYy2RkdtkCVHJu7jJjZowbr40BeAQh15fYg7dUXjW4Q93mn8K
	F
X-Google-Smtp-Source: 
 AGHT+IEwKFGfZtc4cOglV1aWOk7N68jelhfHw/tEO0MqsGLYW2Z9ac1SpnZLjPtTilQ05TTWTsm3Aw==
X-Received: by 2002:a05:690c:4e0e:b0:66a:109:565c with SMTP id
 00721157ae682-66a68b87c2emr103175867b3.11.1721747157205;
        Tue, 23 Jul 2024 08:05:57 -0700 (PDT)
Received: from ?IPV6:2605:a601:9180:9800::2bb? ([2605:a601:9180:9800::2bb])
        by smtp.googlemail.com with ESMTPSA id
 00721157ae682-66953ae074dsm20339297b3.96.2024.07.23.08.05.56
        for <buildfarm-members@postgresql.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 23 Jul 2024 08:05:56 -0700 (PDT)
Content-Type: multipart/alternative;
 boundary="------------1ARpTZYZ9qITRPXJnqi0W4J2"
Message-ID: <51967b75-67a5-4e0d-a1f5-b6c0fd87b7e4@dunslane.net>
Date: Tue, 23 Jul 2024 11:05:54 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Fwd: Heads up about TLS certificates
References: 
 <CABUevEzfLr7CoOXi_n=Q9ufyP-huy0-U-Lz_B=24zmyns_uZEg@mail.gmail.com>
From: Andrew Dunstan <andrew@dunslane.net>
Content-Language: en-US
To: buildfarm-members@postgresql.org
Autocrypt: addr=andrew@dunslane.net; keydata=
 xsBNBE7KWFkBCAClridxur2AIc7eW2AR7izbfp3EnNefie2HbLF0izW5Ik5UjX2HBXBx4syI
 gY6b0ugohXrr274+baoAlvSbq6cAoQuEVrk5IZFzt20b1Xkx65FwGSEj526yiKLocqkJceSq
 Xr9xcA5SGY+FZv441chh5SU92v4q6z+6LPpoHOh97ptAVXZYNTtU0LevyvD5lja0TzbvJm6C
 eFXitJfnm1pLEr0DGJCR/iUOl/N62Kh4855zZC7NHIjQHPOvV5Stz/l5ilDhvGVk+xkXFPys
 SjZoUr1rXhYLpiyi5sR0X9FHXT0KnGuz1F5ERO7ZTLSSQ6fJwPj6gOk9K+vvoKvoeql5ABEB
 AAHNJEFuZHJldyBEdW5zdGFuIDxhbmRyZXdAZHVuc2xhbmUubmV0PsLAmwQTAQgARQIbAwIX
 gAIZAQULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUC
 ZFlxxwUJGVGAbgAKCRCZ+n/LWfw7gXikB/9ZdcUy6CTBFIIuL/bVsc1eLEW/gJBjJBF6HxNY
 xgEkAgXAp4Lg4A5U+QB9GouFr7+GYxF0BU4hzoGhNPUWltxnHdMWP8nC/38LAqgMi8L/bbsm
 HW5YPBdWYaAZAPJQVfOAgjTbRUb26KSprpyrrJKW0ZmrZfjhNPcQ72jpWzoPLQqx2X6B0fru
 1jq+cBh8lb6r1mJTim1T3JIn+F/v5VpdQS+EL8xqsHkfzKjIPsW3CIXpkypSk6saA55Rkkbl
 26AW8ftPVB0Q6Lnn6FLt9CP0MGNixBQ55yq8r1K+nCBvCCjvQjM8RDm0UUum0WNl+ifQgTLO
 E8TWEnwVtkBf+3QWzsBNBE7KWFkBCADRnOM0FCzsYW6jtncg+dWIagjUZpvaClmqn/sJluLa
 Q3v1VXMQJzYs3eC1gh386W+XBwLRpDj3jzH81lX+p73Re3d3oJW7X+ffsxuzu5ZVdMUkqBYo
 nkAbKxr6gyJ12F/+JkUVzLcoTN+d/7YsQvUVi7NaKH8mJgjz112O4fUe3p9wfAaFa0RXHc5S
 GPzRTYRRlv/XZBIho4J2tkZOnteZJZ+GbxQVlINt6fd8P6al3MWOvpP/ExJPguEfjOsO6Njy
 xjo3WfpD4lHMOR/Oc3/8mScEF84rF2jXbsFgelWnbPWAvXY+pD0dXOFRkagGmC/viwBDqq5b
 5tk76kKmUbZxABEBAAHCwHwEGAEIACYCGwwWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUCZFlx
 5wUJGVGAjgAKCRCZ+n/LWfw7gf+iB/4g8CPY5jihf5r/8EsoIGe2H+dpVmpPF8YGBzTIvCz/
 fQoOq8AX/pE76QEuFnFZWfjw+wgBXgCVmkox2Eflkk6z4ND3pcwGZ6CfCxTQCDk/dij+2DQ4
 6bmDCy/sBgcbz9mTpoLC11HLoPae6YN9nBNQRZDcEFEu54OaVOqlIdbA6m+POIBCXZdHOFc0
 WoDTgxHRzC1jgQNidyd6tKqcsVJs0dzF0oKTmFFmUAqTdJO12LBuNA1rlqrR3EtpYk8B/wtS
 5dIMD7Q8hwQpL+4C6GNpb6ZKnPkLi47pDOLhz2qBrqN+rqUEsT3YnExYpzj5yOBi+FlmV1Hw
 49QYe1sn2ZPs
In-Reply-To: 
 <CABUevEzfLr7CoOXi_n=Q9ufyP-huy0-U-Lz_B=24zmyns_uZEg@mail.gmail.com>
X-Forwarded-Message-Id: 
 <CABUevEzfLr7CoOXi_n=Q9ufyP-huy0-U-Lz_B=24zmyns_uZEg@mail.gmail.com>
List-Id: <buildfarm-members.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:buildfarm-members@lists.postgresql.org>
List-Owner: <mailto:buildfarm-members-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/buildfarm-members>
Archived-At: 
 <https://www.postgresql.org/message-id/51967b75-67a5-4e0d-a1f5-b6c0fd87b7e4%40dunslane.net>
Precedence: bulk

This is a multi-part message in MIME format.
--------------1ARpTZYZ9qITRPXJnqi0W4J2
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit




-------- Forwarded Message --------
Subject: 	Heads up about TLS certificates
Date: 	Tue, 23 Jul 2024 16:49:52 +0200
From: 	Magnus Hagander <magnus@hagander.net>
To: 	buildfarm-admins@lists.postgresql.org
CC: 	sysadmins <sysadmins@postgresql.org>



Hello!

Here's a heads-up that LetsEncrypt are discontinuing the "alternative 
chain" they put in place back in 2021 for backwards compatibility with 
older clients. That means that at the next refresh of the TLS 
certificates for the buildfarm server, it will be automatically updated 
to their new issuer certificates (and in fact to an updated intermediate 
cert as well).

As they have discontinued the old compatibility ones, there is not much 
we can do about it. Hopefully all buildfarm clients are enough up to 
date to work out of the box with the new chain, in which case nothing 
needs to be done.

The same certificate shift will happen on git.postgresql.org 
<http://git.postgresql.org> that also has the compatibility chain today 
specifically for really old buildfarm animals.

LE article: https://letsencrypt.org/2024/04/12/changes-to-issuance-chains

We expect this shift to happen in the next couple of days or week 
(there's some dynamicness to it, so we don't know exactly when)

So, please keep an eye out. And if your animal does fail to communicate 
after this date, please reach out to us at sysadmins@postgresql.org and 
we'll see if we can help you figure out how to get things back up!

//Magnus

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

--------------1ARpTZYZ9qITRPXJnqi0W4J2
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><br>
    </p>
    <div class="moz-forward-container"><br>
      <br>
      -------- Forwarded Message --------
      <table class="moz-email-headers-table" cellspacing="0"
        cellpadding="0" border="0">
        <tbody>
          <tr>
            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
            </th>
            <td>Heads up about TLS certificates</td>
          </tr>
          <tr>
            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
            <td>Tue, 23 Jul 2024 16:49:52 +0200</td>
          </tr>
          <tr>
            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
            <td>Magnus Hagander <a class="moz-txt-link-rfc2396E" href="mailto:magnus@hagander.net">&lt;magnus@hagander.net&gt;</a></td>
          </tr>
          <tr>
            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
            <td><a class="moz-txt-link-abbreviated" href="mailto:buildfarm-admins@lists.postgresql.org">buildfarm-admins@lists.postgresql.org</a></td>
          </tr>
          <tr>
            <th valign="BASELINE" nowrap="nowrap" align="RIGHT">CC: </th>
            <td>sysadmins <a class="moz-txt-link-rfc2396E" href="mailto:sysadmins@postgresql.org">&lt;sysadmins@postgresql.org&gt;</a></td>
          </tr>
        </tbody>
      </table>
      <br>
      <br>
      <div dir="ltr">Hello!
        <div><br>
        </div>
        <div>Here's a heads-up that LetsEncrypt are discontinuing the
          "alternative chain" they put in place back in 2021 for
          backwards compatibility with older clients. That means that at
          the next refresh of the TLS certificates for the buildfarm
          server, it will be automatically updated to their new issuer
          certificates (and in fact to an updated intermediate cert as
          well).</div>
        <div><br>
        </div>
        <div>As they have discontinued the old compatibility ones, there
          is not much we can do about it. Hopefully all buildfarm
          clients are enough up to date to work out of the box with the
          new chain, in which case nothing needs to be done.</div>
        <div><br>
          The same certificate shift will happen on <a
            href="http://git.postgresql.org" moz-do-not-send="true">git.postgresql.org</a>
          that also has the compatibility chain today specifically for
          really old buildfarm animals.</div>
        <div><br>
        </div>
        <div>LE article: <a
href="https://letsencrypt.org/2024/04/12/changes-to-issuance-chains"
            moz-do-not-send="true" class="moz-txt-link-freetext">https://letsencrypt.org/2024/04/12/changes-to-issuance-chains</a></div>
        <div><br>
        </div>
        <div>We expect this shift to happen in the next couple of days
          or week (there's some dynamicness to it, so we don't know
          exactly when)</div>
        <div><br>
        </div>
        <div>So, please keep an eye out. And if your animal does fail to
          communicate after this date, please reach out to us at <a
            href="mailto:sysadmins@postgresql.org"
            moz-do-not-send="true" class="moz-txt-link-freetext">sysadmins@postgresql.org</a>
          and we'll see if we can help you figure out how to get things
          back up!</div>
        <div><br>
        </div>
        <div>//Magnus</div>
      </div>
    </div>
    <pre class="moz-signature"
    signature-switch-id="d0437855-2267-4610-80b3-83167ec45b0b" cols="72">--
Andrew Dunstan
EDB: <a class="moz-txt-link-freetext" href="https://www.enterprisedb.com">https://www.enterprisedb.com</a>
</pre>
  </body>
</html>

--------------1ARpTZYZ9qITRPXJnqi0W4J2--