﷽
According to Let's Encrypt's official site, at https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/, the important message is: from Sept 30th 2021, Let's Encrypt's previous root certificate, DST Root CA X3 (and its R3 intermediate), will expire. It has been replaced by their ISRG Root X1 certificate (and a replacement R3 intermediate).
Your connection is not private
Attackers might be trying to steal your information from {domain name}.
NET::ERR_CERT_AUTHORITY_INVALID
NET::ERR_CERT_DATE_INVALID
To fix this issue from the server side, we need to remove and disable DST_Root_CA_X3:
# Find DST_Root_CA_X3 location :
root@localhost:~# locate DST_Root_CA_X3.crt
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
# Remove DST_Root_CA_X3 :
root@localhost:~# rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
# Edit ca-certificates list :
root@localhost:~# vi /etc/ca-certificates.conf
# Find mozilla/DST_Root_CA_X3.crt and disable it
!mozilla/DST_Root_CA_X3.crt
# Then update CA
root@ssocon:~# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 1 removed; done.
Or you can simply reboot your server.
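The manual vi edit of the ca-certificates list can also be scripted so it is repeatable across servers. The following is an added example, not part of the original post; the helper names ca_entry_state and disable_ca_entry are hypothetical, and the demo runs on a constructed sample list rather than the real /etc/ca-certificates.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print "enabled", "disabled" or "absent" for entry $2 in ca-certificates list $1.
ca_entry_state() {
    if grep -qxF -- "!$2" "$1"; then echo disabled
    elif grep -qxF -- "$2" "$1"; then echo enabled
    else echo absent
    fi
}

# Prefix ENTRY with "!" in CONF, the same change made by hand in vi above.
# Returns 0 if the entry is disabled afterwards, 2 if it is not listed at all.
disable_ca_entry() {
    conf=$1
    entry=$2
    case $(ca_entry_state "$conf" "$entry") in
        disabled) return 0 ;;   # already disabled: leave the file untouched
        absent)   return 2 ;;   # nothing to disable
    esac
    cp -p "$conf" "$conf.bak" || return 1   # keep a backup of the original list
    # Exact whole-line match only, so similarly named entries are not touched.
    ENTRY=$entry awk '$0 == ENVIRON["ENTRY"] { print "!" $0; next } { print }' \
        "$conf.bak" > "$conf"
}

# Demo on a constructed sample list (not the real /etc/ca-certificates.conf).
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'mozilla/DST_Root_CA_X3.crt' \
    'mozilla/ISRG_Root_X1.crt' > "$demo_conf"
disable_ca_entry "$demo_conf" mozilla/DST_Root_CA_X3.crt
echo "DST Root CA X3: $(ca_entry_state "$demo_conf" mozilla/DST_Root_CA_X3.crt)"
echo "ISRG Root X1:   $(ca_entry_state "$demo_conf" mozilla/ISRG_Root_X1.crt)"
rm -f "$demo_conf" "$demo_conf.bak"
```

On a real server, pass /etc/ca-certificates.conf as the first argument and then run update-ca-certificates as shown above.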
For the client side, simply ask clients to update their browser version and also add/update the following certificates:
Root CA Certificates:
ISRG Root X1: PEM Format | DER Format
ISRG Root X2: PEM Format | DER Format
Intermediate Certificate:
Let's Encrypt R3: PEM Format | DER Format
I hope this information will be useful.