Signature Algorithm: sha256WithRSAEncryption The update goes together with OS updates./mnt/master-vol-010585f3ee8b8153c/pki//clients$ openssl x509 -in server.crt -text If you do not want to reassemble the expired Let's Encrypt certificate, you may as well use your existing certificate from a different provider or purchase a brand new one from companies like Sectigo, DigiCert, GeoTrust, or Thawte.ĭo not forget however to update the ca root packages. It is required to have the OS on mobile devices up-to-date to address these issues. Try a restart of the affected client device. Some operating systems hold onto the expired R3 > DST Root CA X3 chain even if your server is no longer using it. Browsing to will prompt Windows to include ISRG Root X1 in its trust store automatically. On Windows PCs, simply browsing to a website using Chrome, Edge etc with updated the client trust store with the required certificates. If your site is working for most devices but not for some, the problem is with their trust store (their list of trusted root certificates). Should you already have Deep Castle Gen 2 Update 1 Build 2 (13.0.1.2), and you are still experiencing issues, it's very likely the certificates were created in the previous versions and you must delete the existing certificate and create a new one. This version has changed the mechanism of composing the certificate chain for the Let's Encrypt certificate to include the new Root X1 certificate. Should you have an older version than IceWarp Deep Castle Gen 2 Update 1 Build 2 (13.0.1.2), you need to upgrade to this version first, delete the existing certificate, and finally create a new one. In other cases, the issue may be with the client's computer.
To fix this, you need to make your server use (serve) the correct chain. In some cases, the expiry of the root (and its related expiring R3 intermediate certificate) may causes certificates to be considered untrusted or invalid. It has been replaced by their ISRG Root X1 certificate (and replacement R3 intermediate).
On Sept 30th, 2021, Let's Encrypts previous root certificate DST Root CA X3 (and its R3 intermediate) has expired. Your certificate (called a Leaf or end-entity certificate) will be validated by following this chain. The root certificate issues an Intermediate certificate which in turn is used to issue general certificates such as the ones for your website. Certificate trust mainly relies on the "root" issuing certificate (and intermediate certificates) being trusted by your computer.
0 kommentar(er)
