Hello,
After the expiration of the root certificate all of our debian 9 servers show connections to sites with LE certs as invalid due to a expired certificate.
We tried completely removing a cert and requesting a new one but this does not fix it.
Debian 10 does work.
We confirmed the ISRG Root X1 is in the ca-certificates trust store on debian 9 and 10.
We run openssl 1.1.0l on debian 9 and 1.1.1d on debian 10.
Does anyone know what could cause this and how to fix it?
Thanks!
EDIT: Looks like a workaround for now is changing /etc/ca-certificates.conf:
mozilla/DST_Root_CA_X3.crt -> to !mozilla/DST_Root_CA_X3.crt
And then run update-ca-certificates command