I have a debian 8 web hosting server
And I use let's encrypt for my website certificates.
Am I impacted by the certificate expiration ?
#ca-certificates: 20141019+deb8u4
Hi @christophe31 welcome to the LE community forum 
Sorry about the late reply... but things have been a little bit busier than usual.
I can definitely say that OpenSSL <1.1 would need to be upgrade or patched:
See: Old Let's Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - OpenSSL Blog
ca-certificates from 2014 is definitely in need of some updating.
What problem(s) are you currently having?
What problem(s) have you been able to overcome (if any)?
P.S. I moved this to a separate topic so as to get better/focused attention and not to be lost in that immense topic
5 Likes
You may also want to check out Debian 8.3.0-6 - Problems renewing certificates
3 Likes
The problems I am having is that some devices that connect to my server are getting a certificate error message. (really not much)
This fits well with the list of OS mentioned.
The question I have is on a Debian 8 server- is there anything I can do to avoid this?
Or as it is a server I don't have to do anything.
Thank you for your support
If you only control the client side, then you can only make changes there - try adding the missing roots.
If you only control the server side, then you have a couple of choices:
- try changing the trust chain path with:
--preferred-chain "ISRG Root X1"
[note: this option requirescertbot 1.12(or hgigher) or other compatible ACME client]
or quickly by modifying thefullchain.pemfile and remove the last cert - switch to another free CA (until this problem no longer exists with LE certs)
there are several to pick from that are ACME compatible
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.