a couple of customers and students of our AppDevPack course called me on various channels that thex ran into issues with Proton and IAM, seeing Introspection errors trying act-as-user scenarios after September 30th.
In almost all cases, this was due to Let's Encrypt Certs being used for securing IAM communication and a Let's Encrypt Root Cert (X3) that purposfully expired by end of september.
To make Proton accept SSL connections via IAM this trust root cert had been imported in the corresponding .kyr - File for the Proton task on the Domino Server.
We were able to fix the issue by importing the new X1 and X2 root cert and the R3 intermediate cert into the kyr file using KYRTOOL and copying the respective *.pem files to the IAM Server in ../config/certs/ca Folder.
Here's where you can find the certs:
Please make sure to use the .pem files and the ones cross-certified by IdenTrust.
In case you don't have the kyrtool command and hand, here's the linux version of it, including the curl command to download the R3 pem file. If you're on Windows - please check your paths accordingly and download the certs via the browser if needed.
Using Domino on Linux:
curl https://letsencrypt.org/certs/isrgrootx1.pem -o le-ca-x1.pem
curl https://letsencrypt.org/certs/isrg-root-x2-cross-signed.pem -o le-ca-x2.pem
curl https://letsencrypt.org/certs/lets-encrypt-r3.pem -o le-ca-r3.pem
/opt/ibm/domino/bin/tools/startup /opt/ibm/domino/notes/latest/linux/kyrtool import roots -k proton.kyr -i le-ca-x1.pem
/opt/ibm/domino/bin/tools/startup /opt/ibm/domino/notes/latest/linux/kyrtool import roots -k proton.kyr -i le-ca-x2.pem
/opt/ibm/domino/bin/tools/startup /opt/ibm/domino/notes/latest/linux/kyrtool import roots -k proton.kyr -i le-ca-r3.pem
Important - after doing so, make sure your restart the Proton Task and then IAM to pick up the new CA chains.
Hope this helps...