Error with newly retrieved certificates - TLSV1_ALERT_UNKNOWN_CA

Hello. I'm using Let's Encrypt for the last 4 years.
I have multiple servers that automatically update the certificates before they expired.

Yesterday, one of the servers updated the certificate and devices that were using the tls connection stop connecting to it with the next error:

Reason : error:10000418:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNKNOWN_CA

The new certificate works just fine when I open the site from the browser. I checked with another server. The situation is the same - the newly retrived certificate causes the above error for all ssl/tls connections. The old certificate works fine.

The main diff I found between:

New (non working):
CN = R3
O = Let's Encrypt
C = US

Old (working):
CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US

Could you please advise?

Looks similar to OCSP Responder ‘unauthorized’ error. Could it be the same issue? Urls seems correct:

        Authority Information Access: 
            OCSP - URI:
            CA Issuers - URI:

Ok, found the problem. The clients actually had a hardcoded issuer and Let's Encrypt had changed issuer recently.

1 Like

Yeah, never hardcode anything if it isn't necessary.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.