OpenSSL 1.0.2u problems Let's Encrypt

Hello.
I read the news that the old software will have problems opening sites using the Let's Encrypt certificate.
There are several servers running old FreeBSD 11.4-RELEASE-p13 software, it uses OpenSSL 1.0.2u-freebsd 20 Dec 2019, apache24 web server.
What should be done in this case?
Upgrading the system is not an option.

remove dst root x3 from the local trust store

2 Likes

I don't understand how to do this?

1 Like

Please see Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - OpenSSL Blog

1 Like

/usr/share/certs/blacklisted put dst root cert there I guess
didn't run bsd before

1 Like

Do these settings to be done on the server or client?

That depends which workaround you're reading. It says so in the paragraph heading of the workarounds.

1 Like

What are the workarounds?
I do not understand.
The main thing for me is that the sites located on my server open normally for clients.

I don't know how to be more clear, but let me try anyway:

Please click on the link I provided above. On that page you'll see some introductory text and below that introduction, you'll see this:

Below that there are 2 more workarounds, one more for clients and one for servers.

2 Likes