• Arthur Besse@lemmy.mlOP
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        5 hours ago

        Their certificate was revoked (by their certificate authority, Actalis, part of the Aruba Group) on July 6. Presumably the CA was pressured to revoke it by the Italian and/or US government, and they will get a new certificate from someone else soon.

        There is a hexbear thread here about it; afaict there doesn’t appear to yet be any reporting about it. But in the CRL you can see it was revoked July 6:

        $ curl -s http://crl15.actalis.it/Repository/tls-subca-rsa-dv-2025/getLastCRL | openssl crl -noout -text |grep -A 4 02295E6BB25717C4652321F4ED9D2B29
            Serial Number: 02295E6BB25717C4652321F4ED9D2B29
                Revocation Date: Jul  6 13:54:09 2026 GMT
                CRL entry extensions:
                    X509v3 CRL Reason Code: 
                        Privilege Withdrawn
        

        The reason “Privilege Withdrawn” means it was the CA’s decision rather than their own.

        Because certificate revocation has never worked very well, many people can still access it (until their browser fetches the certificate revocation list, or checks OCSP, does some newfangled proprietary other thing i don’t understand…).