I read the news that the old software will have problems opening sites using the Let's Encrypt certificate.
There are several servers running old FreeBSD 11.4-RELEASE-p13 software, it uses OpenSSL 1.0.2u-freebsd 20 Dec 2019, apache24 web server.
What should be done in this case?
Upgrading the system is not an option.
remove dst root x3 from the local trust store
I don't understand how to do this?
/usr/share/certs/blacklisted put dst root cert there I guess
didn't run bsd before
Do these settings to be done on the server or client?
That depends which workaround you're reading. It says so in the paragraph heading of the workarounds.
What are the workarounds?
I do not understand.
The main thing for me is that the sites located on my server open normally for clients.
I don't know how to be more clear, but let me try anyway:
Please click on the link I provided above. On that page you'll see some introductory text and below that introduction, you'll see this:
Below that there are 2 more workarounds, one more for clients and one for servers.