Apparently, Let's Encrypt changed their CDN provider from Akamai to Cloudflare in order to be able to terminate TLS sessions in their own infrastructure. This seems to have exposed a couple of client errors with case handling in HTTP requests and -headers that were previously hidden by CDN magic, see issues attached to https://community.letsencrypt.org/t/new-cdn-for-the-production-api/102629
Old versions of Dehydrated and acme.sh seem to be affected, in particular (and cPanel).
@galaxis Note that it was fixed in dehydrated *before* but not always deployed https://github.com/lukas2511/dehydrated/issues/559
"JWS has no anti-replay nonce"
@bortzmeyer Thanks for pointing to that L'E change in your previous post - I'm almost certain to run into trouble with this in some of my special installations of very old software...
(They also hinted at planning to tighten down their cipher suite selection, which is probably going to pose a host of new problems...)
@galaxis I am far more concerned with their switch to a pro-nazi pro-terrorism host.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!