| 8 May 2026 |
hexa | We have been made aware of a potential incident and are shutting down all issuance. | 19:45:07 |
K900 | Wew | 19:45:25 |
hexa | https://bugzilla.mozilla.org/show_bug.cgi?id=2038351 | 21:46:48 |
| 9 May 2026 |
m1cr0man | Does this actually affect us? Afaik you can't issue a subordinate with lego | 01:31:06 |
hexa | it prevented me from renewing | 11:32:12 |
| 12 May 2026 |
| Richard Tichý joined the room. | 11:24:50 |
| 13 May 2026 |
hexa | https://github.com/go-acme/lego/releases/tag/v5.0.3 | 13:50:49 |
hexa | removing extraLegoRenewFlags will change hash data | 14:42:44 |
hexa | osnyx (he/him) I don't see a way to make the lego 5.0 migration not renew all certs fwiw | 15:29:36 |
hexa | https://go-acme.github.io/lego/migration/cli/index.html | 15:29:37 |
hexa | we'll drop renew flags, because renew is gone | 15:35:12 |
hexa | and both global and renew flags now live in run | 15:35:25 |
hexa | can't invalidate the hashdata harder | 15:35:43 |
hexa | + lego run --accept-tos --path . --no-random-sleep --http --http.address :80 --server https://acme.test/dir --key-type ec256 --domains builtin.example.test --domains 192.168.1.2
2026-05-13T15:45:13.971858291Z INFO Private key saved. filepath=accounts/acme.test/noemail@example.com/noemail@example.com.key
2026-05-13T15:45:13.979702584Z ERROR Error error="renew: registration: the account noemail@example.com is not registered"
| 15:51:05 |
hexa | so on email change we now get "not registered" | 15:51:21 |
emily | we can just drop email for LE, right? | 16:05:48 |
emily | they no longer use or store it | 16:05:51 |
emily | but otoh I guess if we key the hash on it then CAA… | 16:06:13 |
hexa | the test passes an email on the first run | 16:06:52 |
hexa | drops it on the second | 16:06:54 |
hexa | and gets that error | 16:06:58 |
hexa | so renewing with a different email (no email) fails | 16:07:15 |
hexa | I found --force-cert-domains, which is nice | 16:07:33 |
hexa | filed an issue https://github.com/go-acme/lego/issues/3084 | 16:25:00 |
hexa | maybe we need to --force-renew in these cases | 16:26:01 |