Issues with certificate chain after latest renewal

After our most recent certificate renewal today, we have started getting certificate chain issues.

This is causing issues for a specific legacy endpoint in our backend that uses a POST with BasicAuth.

One of our other environments, which has not been renewed yet, does not have the issue yet:

Anyone have an idea what is happening?

Yes, it appears that you have hardcoded the wrong intermediate certificate in Apache.

Let's Encrypt recently changed its issuer certificate from "Let's Encrypt Authority X3" to "R3".

Usually, you will want to take the "fullchain" bundle from your ACME client (e.g. Certbot) and configure Apache's SSLCertificateFile with that. It includes the correct intermediate certificate automatically and requires no human intervention.

What appears to have happened in your case is that you are still using the old intermediate certificate, which results in trust errors. This is usually because somebody (end-user or perhaps the developer of a buggy ACME client or integration) has hardcoded it.

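A way to confirm the diagnosis in the answer above, as an added example that is not part of the original thread: the script compares the leaf certificate's issuer with the subject of the configured intermediate, then verifies the signature with the `openssl` CLI. The function names, file names and CNs are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does the configured intermediate
# really sign the leaf? File names and CNs below are constructed.

# Print the issuer or subject DN of the first certificate in a PEM file.
cert_name() {  # $1 = issuer|subject, $2 = PEM file
    openssl x509 -noout "-$1" -nameopt RFC2253 -in "$2" 2>/dev/null |
        sed "s/^$1= *//"
}

# Succeed only if the first cert in $2 issued the first cert in $1.
chain_matches() {  # $1 = leaf PEM, $2 = intermediate PEM
    leaf_issuer=$(cert_name issuer "$1")
    [ -n "$leaf_issuer" ] || return 2   # leaf could not be read
    # Name check: catches a stale intermediate left behind after an issuer change.
    [ "$leaf_issuer" = "$(cert_name subject "$2")" ] || return 1
    # Signature check: treat the intermediate as the trust anchor.
    # This also fails if the leaf is expired or not yet valid.
    openssl verify -partial_chain -trusted "$2" "$1" >/dev/null 2>&1
}

# Build constructed test material in directory $1: two self-signed stand-ins
# for an old and a new intermediate, and a leaf signed by the new one.
make_demo_certs() {
    for ca in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca intermediate" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/new.pem" \
        -CAkey "$1/new.key" -CAcreateserial -out "$1/leaf.pem" 2>/dev/null
}

# Run as "sh check_chain.sh demo" to see both outcomes on the constructed certs.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_demo_certs "$d" || exit 1
    chain_matches "$d/leaf.pem" "$d/new.pem" && echo "new intermediate: OK"
    chain_matches "$d/leaf.pem" "$d/old.pem" || echo "old intermediate: MISMATCH"
    rm -rf "$d"
fi
```

On a Certbot host, `chain_matches cert.pem chain.pem` in the certificate's live directory checks the files Certbot wrote; passing the intermediate file that Apache is actually configured with as the second argument shows whether that copy is stale.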

Thanks for the quick response, we will take a look at the configuration.
