Score:2

Since Sep 30 14:01:15 2021 GMT any software using openssl <=1.0 (like curl, php etc.) can't connect to hosts with Let’s Encrypt certificates

ru flag
ndd

Since Sep 30 14:01:15 2021 GMT any software using openssl <=1.0 (like curl, php etc.) can't connect to hosts with Let’s Encrypt certificates

* SSL certificate problem: certificate has expired
anx avatar
fr flag
anx
should probably limit duplication around this one-time (hopefully!) event: https://serverfault.com/questions/1079199/client-on-debian-9-erroneously-reports-expired-certificate-for-letsencrypt-issue
Score:3
ru flag
ndd

DST Root CA X3 root certificate expired on Sep 30 14:01:15 2021 GMT. It was used as one of certification paths for Let’s Encrypt certificates. Any software using openssl <=1.0 (like curl, php etc.) will cause expired root to fail connection instead of trying other roots in local ca store (a bug)

As of 30 september 2021 available ca stores still contains expired DST Root CA X3 root certificate so updating it won't fix problem. You can either update your cURL (which might be quite challenging in some situations) or edit local ca store (f.e. /etc/pki/tls/certs/ca-bundle.crt) and manually remove certificate after line "DST Root CA X3"

Update: On 1 october 2021 new version of curl ca store available at https://curl.se/docs/caextract.html has been updated and does not contain expired DST Root CA X3 certificate

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.