Certificate has expired

image

1 Like

Hi @zhouzhili1 and welcome to the LE community forum :slight_smile:

It seems that your system does not have the "ISRG Root X1" cert in the trusted root.
Have you tried updating ca-certificates?
What version of OpenSSL are you using?
What OS and version are you running?

Try:

echo | openssl s_client -connect letsencrypt.org:443 -servername letsencrypt.org  | head

I get:

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = lencr.org
verify return:1
DONE
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = lencr.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
3 Likes

I was already updating ca-certificates,
My OpenSSL version is OpenSSL 1.0.1f 6 Jan 2014,
and OS version isUbuntu 14.04.5 LTS,
Then I try:

echo | openssl s_client -connect letsencrypt.org:443 -servername letsencrypt.org  | head

get this:

can you help me solve this problems?

1 Like

Try:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

1 Like

@zhouzhili1 The work-arounds @rg305 referred are for openssl 1.0.2 so do not apply for your 1.0.1. Maybe Rudy has found they do work in some odd cases - he has seen many more posts than I :slight_smile:

I found some other Ubuntu 14 LTS openssl 1.0.1 threads that might help:

Especially note "For 14.04 & 16.04 one does need ESM enabled to get access to these updates."

2 Likes