Temporary solution for resolving issue with LetsEncrypt root certificate
This guide should only be followed if you have a LetsEncrypt SSL certificate
and started having connection issues after 30/09/2021
On September 30 2021, Let's Encrypt updated their ROOT certificate. This has caused various issues with connectivity for email clients and web traffic, often with a message about an 'expired certificate'. As per their press release (below), the old root certificate 'ISRG Root X1' expired on 30/09/2021 and was updated from their side.
However, any LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle.
Step 1 - Log into cPanel
and click on SSL/TLS
Step 2 -
Select Manage SSL Sites
- Under 'Manage Installed SSL Websites', select Uninstall
Step 4 -
Step 5 -
Further down the page under 'Install an SSL Website', Select
the domain corresponding to the SSL Certificate you just uninstalled.
Step 6 -
Select Autofill by domain
Step 7 - Remove
the contents of the Certificate Authority Bundle
box as below. Leave the other boxes as they are.
Step 7 -
This will reinstall the same certificate, but force a re-download of the CA Bundle containing the updated LetsEncrypt ROOT Certificate.
After this has been done, allow a few minutes and restart your email clients, then try to connect again. This should resolve the issue, and we will post more details to our status page as they become available.
Thank you for your feedback on this article.