LetsEncrypt root certifcate not valid?

So I'm currently having an issue where my Jenkins server is not able to run pipeline jobs due to what I'm guessing is the Letencrypt root CA expiring.

the error I am getting is stderr: fatal: unable to access ' https://mygitserver.com ': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Now I have tried updating my ca-certificates store and there was 0 changes. I also have tried checking to see my certificate chain:

Certificate chain

0 s:CN = https://mygitserver.com

i:C = US, O = Let's Encrypt, CN = R3

1 s:C = US, O = Let's Encrypt, CN = R3

i:C = US, O = Internet Security Research Group, CN = ISRG Root X1

2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1

i:O = Digital Signature Trust Co., CN = DST Root CA X3

The output looks like they are in the right order unless I am doing anything wrong, if I am correct is the issue most likely that the server is still trusting the old root certificate rather than ISRG Root X1?

I've checked the current certificate and all is fine with no errors.

Any assistance or pointers would be appreciated.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

3 Likes

What command did you use which produced that error message? I assume some git command but better to know.

Assuming a git command, what version of openssl is used with it? What operating system and version are you running?

Have you just tried updating those components?

Does your Jenkins server have its own CA certificate store apart from the system store?

Sorry to be so vague but you have not given us many specifics to work with.

4 Likes

I'd simply switch to using an alternate (free and ACME friendly) CA.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.