Checklist
[x] I have read intro post
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue
You can first remove the expiration on the subkey on the server. The users will be able to login using the quick access but not the mail screen.
We have rollout a new version of the extension (2.12.3) which will not block the login when key is expired on the client side but not the server side, and allows update the server key without asking the clients to do a full recovery. Unfortunately the extension is still pending Google review on the Chrome Webstore. They seem to have issues with staffing to validate extension since crisis began…
ps. this is how the screen should look like for your users when you update the key:
Yes, the new version is available for Firefox users. In order for the change to be triggered you must modify the expiry date in the server keyring and also place the new non expired key on file (in config/gpg) e.g. replace the original public key that is advertised by the server.