Marco
Marco
For completeness the chain as offered up by the server is as follows, the offending (signed by expired root) cert being the last one: ```Certificate chain 0 s:/CN=package.elm-lang.org i:/C=US/O=Let's Encrypt/CN=R3...
These issues are well-documented. An announcement from LE: https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816, more info: https://medium.com/geekculture/will-you-be-impacted-by-letsencrypt-dst-root-ca-x3-expiration-d54a018df257 The gist of it is that clients using older versions of TLS libraries such as OpenSSL < 1.1...
Well l figured it out because my CI process using an older version of NodeJS broke unexplainedly. The new ISRG X1 root (short chain) only breaks on clients that do...
In my case there was an issue with our AWS account and all S3 requests returned 403 until the problem was solved. So the records in the `filestore` table have...
I don't recall, but I would expect `forbidden` to be the most common transient error received back from AWS (account issue, wrong authentication details, bucket permission issues would all result...
@ddeboer what do you think?
> You are listing only two disadvantages... I didn't say I had a giant list, did I? > The first disadvantage (10 minute delay) can probably be easily fixed Sure,...
> remove it from the database but keep it in the filestore I would mark it as deleted so on a gc run you can be more efficient about deleting...
> For 1 we need to study what database replication strategy is the best. There are known solutions. Within a single data center we can opt to not replicate but...
Regarding > Note that it must be prevented that the load balancer quickly switches back and forth between servers. While I am of the opinion that it *should* be possible...