R3 certificate expired — macOS

Just like everybody else today, I'm getting an error with R3. I've been reading through threads and trying to fix it for a good chunk of the day, but I'm getting some inconsistent behavior.
I'm getting "R3 certificate expired" on my laptop and my iPad, while it's working just fine on another computer in the office (same network, both on macOS), on an iPhone, and on an Android phone.

Domain: https://y3ti.studio
Certbot command used: certbot certonly --manual -d '*.y3ti.studio' -d y3ti.studio --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Output: Successful, no warning. Certificate set to expire in December.
Certbot version: 1.19.0

Ran: openssl crl2pkcs7 -nocrl -certfile "fullchain.pem" | openssl pkcs7 -noout -print_certs
Output:

subject=/CN=*.y3ti.studio
issuer=/C=US/O=Let's Encrypt/CN=R3

subject=/C=US/O=Let's Encrypt/CN=R3
issuer=/C=US/O=Internet Security Research Group/CN=ISRG Root X1

subject=/C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer=/O=Digital Signature Trust Co./CN=DST Root CA X3

Can't seem to figure out what's wrong/how to update it.
Thank you!

Your server is serving only your leaf certificate, without any intermediates, so the client OS looks for its own R3 and sees that as expired.
openssl s_client -showcerts -connect y3ti.studio:443 -servername y3ti.studio

depth=0 CN = *.y3ti.studio
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.y3ti.studio
verify error:num=21:unable to verify the first certificate
verify return:1
---

The old chain was Your Cert > R3 (old version) > DST Root CA X3
The new chain is Your Cert > R3 (new version) > ISRG Root X1

You need to review your webserver configuration to ensure it points to a full chain, not just your leaf cert.


Thanks!
Can confirm it was a misconfig I made on the hosting provider side (Platform.sh).
Besides the private key, there were a couple of inputs: certificate, and intermediate certificates. It used to work just fine by loading everything under certificate.
Now, to make it work, I had to load the full chain as well under the "Intermediate certificate" section.

Thank you for your help @webprofusion . Really appreciate it.


That looks better (easier on the eyes) without the -showcerts [breaking things]

---
Certificate chain
 0 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
 2 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

Ha, interesting. I get the short chain with -showcerts and the long chain without.

You're not reading the output right (I think).
In the -showcerts output, just remove the shown certs.

It's two different sections:

openssl s_client -connect y3ti.studio:443 -servername y3ti.studio
CONNECTED(00000005)

[this part is junky looking]

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.y3ti.studio
verify return:1

[end of junk]

---
Certificate chain
 0 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
   [shown cert]
 1 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
   [shown cert]
 2 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   [shown cert]
 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   [shown cert]
---

Correct! I was only reading the first part.


This shows OpenSSL's verify path, i.e. how it walked the chain, which uses ISRG Root X1 as the trust anchor; that is both good and intended.

This is just displaying what it got from the server (which is what you're looking for in this case).

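The distinction drawn in this thread, between the chain the server actually sends and the path the client can build from it, can be checked mechanically. The following is an added example (not code from the thread or from Let's Encrypt): it parses the "Certificate chain" block of `openssl s_client` output, walks from the leaf using only the served certificates, and reports which issuer the client would be left to find on its own. The sample input is the chain shown above; the trusted-root CN set is an assumption standing in for the client's trust store.

```python
import re
# Constructed sample: the "Certificate chain" block that `openssl s_client`
# printed once the server sent the full chain (copied from the thread).
FULL_CHAIN = """\
 0 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:CN = *.y3ti.studio
   i:C = US, O = Let's Encrypt, CN = R3
 2 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""
# Before the fix the misconfigured server sent only the leaf (entry 0).
LEAF_ONLY = "".join(FULL_CHAIN.splitlines(keepends=True)[:2])

def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in output.splitlines():
        m = re.match(r"^\s*\d+ s:(.*)$", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"^\s*i:(.*)$", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def common_name(dn):
    m = re.search(r"CN\s*=\s*([^,]+)", dn)
    return m.group(1).strip() if m else dn

def verify_path(chain, trusted_root_cns):
    """Walk from the leaf using only served certs. Returns (path, missing):
    `missing` is the issuer CN the client must supply itself, else None."""
    by_subject = {}
    for subj, iss in chain:          # duplicates (entry 1) collapse here
        by_subject.setdefault(common_name(subj), common_name(iss))
    path, seen = [], set()
    cn = common_name(chain[0][0]) if chain else None
    while cn in by_subject and cn not in seen:
        seen.add(cn)
        path.append(cn)
        issuer = by_subject[cn]
        if issuer in trusted_root_cns:   # reached the trust anchor
            return path + [issuer], None
        cn = issuer
    return path, cn
```

With the leaf-only chain the walk stops at "R3", which is exactly the certificate the client then has to locate in its own store, where an old, expired copy may be cached.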
