Resolving issue with LetsEncrypt root certificate
Print
This guide should only be followed if you have a LetsEncrypt SSL certificate and started having connection issues after 30/09/2021.
On September 30 2021, Let's Encrypt updated their ROOT certificate. This has caused various issues with connectivity for email clients and web traffic, often with a message about an 'expired certificate'. As per their press release (below), the old root certificate 'ISRG Root X1' expired on 30/09/2021 and was updated from their side.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
However, any LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle.
Step 1 - Log into cPanel and click on SSL/TLS.
Step 2 - Select Manage SSL Sites.
Step 3 - Under 'Manage Installed SSL Websites', select Uninstall.
Step 4 - Select Proceed.
Step 5 - Further down the page under 'Install an SSL Website', Select the domain corresponding to the SSL Certificate you just uninstalled.
Step 6 - Select Autofill by domain.
Step 7 - Remove the contents of the Certificate Authority Bundle box as below. Leave the other boxes as they are.
Step 7 - Select Install.
This will reinstall the same certificate, but force a re-download of the CA Bundle containing the updated LetsEncrypt ROOT Certificate.
After this has been done, allow a few minutes and restart your email clients, then try to connect again. This should resolve the issue, and we will post more details to our status page as they become available.
- 01-10-2021 15:03
Temporary solution for resolving issue with LetsEncrypt root certificate
This guide should only be followed if you have a LetsEncrypt SSL certificate and started having connection issues after 30/09/2021.
On September 30 2021, Let's Encrypt updated their ROOT certificate. This has caused various issues with connectivity for email clients and web traffic, often with a message about an 'expired certificate'. As per their press release (below), the old root certificate 'ISRG Root X1' expired on 30/09/2021 and was updated from their side.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
However, any LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle.
Step 1 - Log into cPanel and click on SSL/TLS.
Step 2 - Select Manage SSL Sites.
Step 3 - Under 'Manage Installed SSL Websites', select Uninstall.
Step 4 - Select Proceed.
Step 5 - Further down the page under 'Install an SSL Website', Select the domain corresponding to the SSL Certificate you just uninstalled.
Step 6 - Select Autofill by domain.
Step 7 - Remove the contents of the Certificate Authority Bundle box as below. Leave the other boxes as they are.
Step 7 - Select Install.
This will reinstall the same certificate, but force a re-download of the CA Bundle containing the updated LetsEncrypt ROOT Certificate.
After this has been done, allow a few minutes and restart your email clients, then try to connect again. This should resolve the issue, and we will post more details to our status page as they become available.
Thank you for your feedback on this article.
Related Articles
© Crucial