Unable to validate certificate

The subject in the current certificate is causing an issue.

  • Server certificate:
  •   subject: CN=lencr.org

It should be letsencrypt.org instead of lencr.org.
This is probably impacting a lot of people.

Hi @macckone welcome to the community!

That is an HTTPS example session, which works well. The certificate contains the domain name in its SAN section:

subjectAltName: host "letsencrypt.org" matched cert's "letsencrypt.org"

Some mirrors do not have the same certificate:

  • About to connect() to letsencrypt.org port 443 (#0)
  • Trying
  • Connected to letsencrypt.org ( port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • Server certificate:
  •   subject: CN=lencr.org
  •   start date: Oct 10 03:00:44 2021 GMT
  •   expire date: Jan 08 03:00:43 2022 GMT
  •   common name: lencr.org
  •   issuer: CN=R3,O=Let's Encrypt,C=US
  • The certificate issuer's certificate has expired. Check your system date and time.
  • Closing connection 0

Curl is showing it as expired but it is the subject mismatch.

My date is correct but I am having the same issue.
Wed Dec 1 11:22:22 EST 2021

Doh, it is the R3 certificate that is expired that signed your certificate!

For me it was an outdated ca bundle.


It was probably the ISRG Root X1 signed-by DST Root CA X3 certificate in the chain which was causing some trouble and not the R3 intermediate. But indeed, often updating the CA bundle fixes this.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.