LETS ENCRYPT everytime 2 times one with poison and why a unknown status in orange warning for CRL

6 posts / 0 new
Last post
#1 Tue, 08/06/2019 - 02:33
Jfro

LETS ENCRYPT everytime 2 times one with poison and why a unknown status in orange warning for CRL

YOU can all check yourself for example also the virtualmin.com has this.

So i don't understand this 2 times one with poison.?


            CT Precertificate Poison: critical
                0000 - 05 00   

And also the ORANGE warning UNKNOWN FOR CRL?

Mechanism Provider Status Revocation Date Last Observed in CRL Last Checked (Error)
OCSP The CA Check ? n/a ?
CRL The CA Unknown n/a n/a (this one is WARNING in ORANGE)

Check here: https://crt.sh/?q=virtualmin.com

Then result example:

crt.sh ID Logged At  ⇧ Not Before Not After Issuer Name
2019-07-08 2019-07-08 2019-10-06 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
2019-07-08 2019-07-08 2019-10-06 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

the second for same date in that list has everytime the "POISON" in it.

at https://crt.sh you can check your server / domains handy for rate limits and co.

https://letsencrypt.org/docs/rate-limits/

EDIT: Sorry this should be in "General" while it is LE thing i and maybe more Admins want to know those things the meaning and a why and... Those started in MAY 2018 before not!

Tue, 08/06/2019 - 02:57
noisemarine

I'm not sure what question you are asking? If you are wondering if this is something to do with how Virtualmin handles LE certificates, then you could check this and wonder again: https://crt.sh/?q=crt.sh

Tue, 08/06/2019 - 03:33
Jfro

I 'm asking not for virtualmin see my edit but General. Someone knows why the word POISON is in it while normally this is a ... word / text for is not ok?

Tue, 08/06/2019 - 03:35
noisemarine

OK, but why not email the crt.sh maintainers? They would know.

Tue, 08/06/2019 - 04:01 (Reply to #4)
Jfro

Can't find mailadres sorry. edit found one don't know it is valid but.. Here poison to in first attempt. So for the moment having that in only first attempt and second ok i hope / think is OK?

Please check
https://crt.sh/?q=digicert.com

then id https://crt.sh/?id=927611828
Tue, 08/06/2019 - 04:48
Jfro
Hi. This isn't a warning or an error. It's part of CT.

See https://tools.ietf.org/html/rfc6962#section-3.1.