Problem with site after DST Root CA X3 expiration

rvga · October 26, 2021, 7:29am

My web server is (include version): ?
The operating system my web server runs on is (include version): ?
My hosting provider, if applicable, is: hosteur.com
I can login to a root shell on my machine (yes or no, or I don't know): No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ?

The only thing I know is that I haven't any problem of "secured site" before the expiration and now I have one.
And I have no clue how to fix that.
Please help...

Thanks in advance.
Regards.

rg305 · October 26, 2021, 8:33am

@rvga
The site is serving the default/long chain:

---
Certificate chain
 0 s:CN = shibum-design.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

Some older web browsers and systems do have trouble with the expired chain.
You can either:

try updating your client(s)
try switching the server to serve the shorter/alternate chain
try switching the server to use another (free and ACME friendly) CA

Osiris · October 26, 2021, 6:27pm

I've renamed your thread as it had the same name as a huge generic DST Root CA X3 expiration thread. I don't think it's ideal to have two threads with the same name in this specific case.

system · November 25, 2021, 6:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.