It was that time of year when my SSL certificates needed attention because they were about to expire. But my current certificate authority, StartSSL, is no longer trustworthy following the sale of StartCom to WoSign, a Chinese CA of dubious repute.
The StartSSL website now presents a notice:
Dear StartCom Subscribers, We are improving and updating our systems. Please use www.startcomca.com from now on. Thanks. StartCom Certification Authority
So it's now StartCom, and I can't log in because this change invalidates my existing client certificate, but there is a mechanism to get a replacement. Once logged in, the notice presented on the front page clarifies the situation:
Mozilla and Google decided to distrust all StartCom root certificates as of 21st of October, 2016, meaning that since January all the SSL certificates issued from that date will no longer be trusted in Firefox and Chrome newest releases.
This stance has been taken by Google, Apple and Mozilla.
So, it's time to change to anoter certificate authority and the one that makes sense is LetsEncrypt. Still free, but backed by the EFF and designed for automation...
So, farewell StartSSL and hello LetsEncrypt...