My domain tenjinconsulting.co.uk has been working fine for years, suddenly now throwing errors on the certificate. This is the same for all certs I have on this server.
However, my certificates are showing as current and live (expiring in Nov 2021, so last renewal worked), and if I access the website via Firefox on Mac OS it shows the correct certificate. Forcing a certificate refresh on my server it tells me that all certs are valid and so skips all of them.
However, accessing my mail server on the same domain I get an "untrusted" message.
That message (same on iOS) is showing the certificate as having expired 29/09/2021 20:21:40 GMT+1 (BST).
Is this to do with this:? Certificate Compatibility - Let's Encrypt
"root certificate used by Let’s Encrypt to sign client certificates will lose its validity on this day (expiry of Intermediate R3 on 2021/09/29 at 19:21:40 GMT – the DST Root CA X3 expires on 2021/09/30 14:01:15 GMT)"
This is exactly the same date / time as the expiry date reported in the errors I get.
Can anyone suggest how I can fix this? It's displaying an error pop up on my phone every 30 seconds or so, which is really annoying.
UPDATE - looking at other tickets someone suggested running these commands, but I'm not sure what it is telling me (I had someone else set up SSL for me...)
openssl x509 -noout -dates -in /etc/letsencrypt/live/tenjinconsulting.co.uk/chain.pem
notBefore=Sep 4 00:00:00 2020 GMT
notAfter=Sep 15 16:00:00 2025 GMT
openssl x509 -noout -dates -in /etc/letsencrypt/live/tenjinconsulting.co.uk/fullchain.pem
notBefore=Aug 31 18:43:52 2021 GMT
notAfter=Nov 29 18:43:51 2021 GMT
I have also, as suggest in another thread, updated /etc/apache2/sites-available/tenjinconsulting.co.uk to reference the fullchain.pem file instead of just chain.pem, and remove the ChainFile key:
This has removed "chain errors" as reported by SSLLabs checker.
Any ideas would be very much appreciated!