Expired R3 connected to DNS challenge?

Sorry for my lack of experience!

I got a letsencrypt cert from DNSimple through DNS challenge and today it stopped working because of the expired R3 cert. From what I understand any new certs should use a newer version of the R3.
Is there something I could have done wrong?
Will a new cert using e.g. certbot solve this?
Why did it even happen?

The link is idol.activeent.co


Your site is still sending the old expired R3 intermediate. Looks like this is hardcoded somewhere, so a renewal will change nothing. You will likely need to adjust some configuration on your server(s).

What webserver and acme client are you using?


I have been stoked the last couple of days and caught up with my email. Then I found this:

You are receiving this email because you have one active Let's Encrypt certificate requested via DNSimple and you may be affected by this change.

It has come to our attention that we are currently including by default, in our HTTPS redirector and DNSimple app certificate installer, an intermediate SSL certificate for Let's Encrypt that will expire on September 30, 2021.

This was sent 2 days ago... "It has come to our attention...", well that explains it but they should have known and tested ages ago. What to say?

If they manage your certificates (do they?), they need to fix their systems. Not much we can do.

1 Like

That depends what role DNSimple really has.. I'm not familiar with it, so perhaps you could explain: is DNSimple just your DNS provider? It also seems to be providing your certificate, but is it also hosting your site? Or did you need to install the certificate yourself into your webserver manually after retrieving the cert?

The reason I got the cert from them was that the server was offline so I could not use certbot as I usually do.We normally only use them for dns.


Is correct?

If so, how? Et cetera..

Yeah, I just did the same process again and placed it at the right path, instructions they sent today..... Let's Encrypt R3 Intermediate Certificate Expiration (30 September 2021) - DNSimple Blog

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.