github-actions[bot]
commented
3 months ago :tada: This PR is included in version 16.5.0 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Closed malvex closed 3 months ago
github-actions[bot]
commented
3 months ago :tada: This PR is included in version 16.5.0 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
This PR replaces intermediate CA cert (R3) with root CA cert (X1).
In thanos-tls-querier, an intermediate CA cert (R3) was pinned. However, when cert-manager requested a new certificate issued by a higher-level CA (R11), it caused an error
transport: authentication handshake failed: x509: certificate signed by unknown authority.In general, intermediate certificates shouldn't be pinned; instead, root certificates should be pinned (e.g., LetsEncrypt X1 root CA). This ensures that the trust chain is maintained when certificates are updated or replaced.