LetsEncryptCraft


16M Downloads

Trust the roots instead of the intermediates

alexzorin opened this issue · 3 comments

commented

Hi,

Clever project!

Since Let's Encrypt may at any moment switch over to the Let's Encrypt Authority X4 intermediate for new certificates (or use the ISRG-signed intermediate rather than the cross-signed one you include in this project), there is a decent amount of risk that the mod will unexpectedly stop working.

You can review the relationship between the certificates here - https://letsencrypt.org/certificates/

If I can suggest an alternate strategy for your patching of the trust store - trust these two certificates:

  • ISRG Root X1 (self-signed)
  • DST Root CA X3

All Let's Encrypt intermediates in existence will always be signed by one of these two trust anchors, so Java will always be able to validate a Let's Encrypt certificate's trustworthiness just from those two roots (now and in future).

Functionally your mod should remain the same, but be less fragile to future change.

Thanks!

commented

Hi, thanks for the suggestion! I'll look into doing this :)

commented

> Since Let's Encrypt may at any moment switch over to the Let's Encrypt Authority X4 intermediate for new certificates (or use the ISRG-signed intermediate rather than the cross-signed one you include in this project), there is a decent amount of risk that the mod will unexpectedly stop working.

Seems this is actually happening now - they're going direct to the ISRG-signed intermediate.

https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

Guess I got an update to work on!

commented

@Cloudhunter Hi, SollAI here! We see you haven't updated this issue in almost 10 Months now. Would you like any assistance in resolving this problem? ^_^