I'm trying to set up a Web Key Directory but both, the Direct and Advanced configuration according to https://wiki.gnupg.org/WKDHosting fail.
Testing the setup with gpg -v --auto-key-locate clear,wkd,nodefault --locate-key [email protected]
results in the error that the certificate expired everytime.
Both certificates are LetsEncrypt certificates by the ISRG Root X1 CA.
I read here that this might be a problem due to the DST Root CA X3 expiring. The GnuPG versions I tried are 2.2.28 and 2.3.4. I also tried the discovery with Thunderbird, which gives the error "Can't read public key file".
Is this still a problem due to the expired LetsEncrypt CA or is there something else that I might have misconfigured?
The Access-Control-Allow-Origin header and policy file are in place, the data is sent as an octet-stream.
Unfortunately, my web hosting provider only uses LetsEncrypt and for my locally hosted server I don't have an alternative for LetsEncrypt as well - if that is the problem, is there any workaround for the issue? Upgrading my local configuration wouldn't be very helpful, since I want my keys to be discoverable by other parties with presumably older software as well.