1 Like
Hi @zhouzhili1 and welcome to the LE community forum 
It seems that your system does not have the "ISRG Root X1" cert in the trusted root.
Have you tried updating ca-certificates?
What version of OpenSSL are you using?
What OS and version are you running?
Try:
echo | openssl s_client -connect letsencrypt.org:443 -servername letsencrypt.org | head
I get:
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = lencr.org
verify return:1
DONE
CONNECTED(00000005)
---
Certificate chain
0 s:CN = lencr.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
3 Likes
I was already updating ca-certificates,
My OpenSSL version is OpenSSL 1.0.1f 6 Jan 2014,
and OS version isUbuntu 14.04.5 LTS,
Then I try:
echo | openssl s_client -connect letsencrypt.org:443 -servername letsencrypt.org | head
get this:
can you help me solve this problems?
1 Like
Try:
1 Like
@zhouzhili1 The work-arounds @rg305 referred are for openssl 1.0.2 so do not apply for your 1.0.1. Maybe Rudy has found they do work in some odd cases - he has seen many more posts than I 
I found some other Ubuntu 14 LTS openssl 1.0.1 threads that might help:
Especially note "For 14.04 & 16.04 one does need ESM enabled to get access to these updates."
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.