R3 certificate expired


I am using Lets Encrypt SSL Certificates on Linux servers CentOS Linux release 7.9.2009 (Core). When I hit the domain using Lets Encrypt SSL Certificates, It reports Issued by: R3 , Expires: Friday, 17 December 2021 at 9:43:18 AM India R3 certificate expired and shows Not Secured in Chrome browser.

Please suggest / guide. Do i need run certbot command to renew it or do any changes on the Linux server. CentOS Linux release 7.9.2009 (Core). Thanks in Advance.

Best Regards,


What is your domain name, that we could check what intermediate signing certificate your server is sending, if any?

@bruncsak jenkinshsbcdeveloperportal.digitalapicraft.com is the domain name

Your server seems to be unreachable:

@bruncsak It is restricted from Internet and allowed from a trusted source IP. Please let me know if you need any additional details.

OK, so please post the output of the following command executed on a trusted source IP:
openssl s_client -connect jenkinshsbcdeveloperportal.digitalapicraft.com:443 | head

openssl s_client -connect jenkinshsbcdeveloperportal.digitalapicraft.com:8443 | head
depth=0 CN = jenkinshsbcdeveloperportal.digitalapicraft.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = jenkinshsbcdeveloperportal.digitalapicraft.com
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/CN=jenkinshsbcdeveloperportal.digitalapicraft.com
   i:/C=US/O=Let's Encrypt/CN=R3
Server certificate

Thanks for the feedback.

The web server is not providing any intermediate signing certificate. It should be configured to provide that. The ACME client with which you got the end certificate normally provides the signing certificate chain as well.

In addition too, it is possible that in your chrome browser the old intermediate signing certificate is cached. It is worthwhile to remove that.


I am using the below command to generate Lets encrypt SSL Certificates on the remote Linux server.

certbot certonly --standalone --preferred-challenges http -d jenkinshsbcdeveloperportal.digitalapicraft.com

Please guide.

You do not need to renew the certificate, you wrote:

So the certificate were renewed around two weeks ago. Good to know that you are using certbot, this ACME client provides the chain. Only your web server is not serving it.

It is more important to know what web server are you using? Apache? If yes, what is the output of the httpd -V command?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.