Help thread for DST Root CA X3 expiration (September 2021)

Thank you, I will take a look at that link you sent

1 Like

For ubuntu 10.04 lucid

put http://curl.haxx.se/ca/cacert.pem into /usr/share/ca-certificates/
add a line cacert.pem into /etc/ca-certificates.conf
sudo update-ca-certificates

download the latest openssl and curl (configure with --with-openssl) make and install

==> fixed my problem

1 Like

Good morning
Please people are having issues connecting to my website

I don't understand why. It is working on some other devices.

Good morning
Please people are having issues connecting to my website. There seems to be a connection issue. A problem with my ssl certificate. But i installation my certificate properly.

I don't understand why. It is working on some other devices.

Hi @amandadukor and welcome to the LE community forum :slight_smile:

I think you may need to review (and update) whatever installation instructions you followed.
The site is serving a chain that has expired and hasn't been provided by LE since May 2021.

echo | openssl s_client -connect amandadukor.com:443 -servername amandadukor.com | head
depth=1 C = US, O = Let's Encrypt, CN = R3
verify error:num=20:unable to get local issuer certificate
DONE
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = amandadukor.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

How can i do that please
I don't quite understand

You may have rethink the way you originally get the certificate, and do it slightly differently. You should not fix the signing certificate, but always use (refer to) the one your ACME software fetched at the time of renewing the certificate.

1 Like

Can you simplify this for someone who doesn't understand web dev. lingo? Please

On what platform your website is running?

easyWP by namecheap

OK. I am not familiar with that platform, however likely you do not have option to manage the signing certificate. How complex was to set up the Let's Encrypt certificate? How many options were available to control it?

It wasn't complex. I uploaded it using a platform called 'zerossl'

Have you used https://zerossl.com/ to create your certificate (I do not know that platform either)?

Is it possible for me to just re install a new certificate or something. Delete the old one and just start over

You may just repeat the same issue, if you redo it. Is that the site you used (https://zerossl.com) to create the certificate? I do not know what options are available at the end to download the certificate. Have you downloaded just the certificate, or the full certificate chain?

My post on this tread 556 worked for me on Several Mac's running 10.9.5.

Yes i downloaded everything using that site. The private key, certificate and something else

But...Isn't there a way to install the certificate directly from lets encrypt? I can pay a web developer to install it for me if it's too complex.

There are multiple ways to create the certificate, and that one is feasible. How many files have you downloaded from zerossl.com at the end of the process?

Sorry, I overlooked what you wrote, you already answered my question. The important part seemingly what broken is:

That must be the signing certificate chain. And that is what is broken.

1 Like

Okay thank you for your patience.
So what's the way forward? To create new certificates? You mentioned that there are many ways to do that. Is there an article or something on how i can do that?

1 Like

Please do not jump that much (yet). We just try to fix it easily.

So on the management interface of "easyWP by namecheap" what was requested to upload? I believe (since I do not know the platform) the key for sure, then the certificate, and thirdly the signing certificate chain. Was that the way?

1 Like