Certificate has expired: acme-v02.api.letsencrypt.org/directory

Ran into todays problems with the expired root certificate on my website www.rejsa.nu. Trying to delete and renew my certificate this also failed due to this:

root@no:~ # curl https://acme-v02.api.letsencrypt.org/directory
curl: (60) SSL certificate verify result: certificate has expired (10)
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

This is from a fully updated OPNsense box

Your machine doesn't trust ISRG Root X1 (self signed). Can you update ca-certificates or similar?

1 Like

Since I'm not very good at this stuff I'm not sure how to update my box as a client so it gets the right root chain?

OPNSense is FreeBSD based and I have no clue (I'm never in on it in a shell normally)

Sorry I don't know the specifics for that but you need to get it to add the self-signed ISRG Root X1, which you can download in various formats from here: Chain of Trust - Let's Encrypt

If you have a /etc/ssl/ it may be something under there you need to update (in a subfolder), someone else with more familiarity with FreeBSD may be able to help.

1 Like

Removed the expired Letsencrypt authority found in the OPNsense webgui under:
System - Trust - Authorities

So at least updating certs works now :slight_smile: :+1:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.