How to Fix Lets Encrypt’s DST Root CA Expiry issue

On 30th Sept 2021, the DST Root CA X3 certificate used by Let’s Encrypt expired causing clients some clients to experience SSL certificate expiry errors.

SSL connections fail with the error below

The certificate issuer's certificate has expired. Check your system date and time.

Mail clients will also fail to connect due to invalid SSL chain.

Details on the issue can be found on the link below

Fixing the error on cPanel

In the cPanel hosting, this has already been resolved by our Support Team. In case you still experience any issues, please reach out to our teams via Ticket/Email, Chat or Call

Fixing the error in tPanel/CWP (Uses Centos 7)

To fix the error in tPanel or CWP running on our VPS, follow the steps below

~$ yum -y update ca-certificates

Once run, you can confirm the updated CA Bundle with the command below

~$ rpm -q ca-certificates

The update ca-certificates-2021.2.50-72.el7_9.noarch replenished the CA Bundles to new ones. This can be confirmed via the command below

~$ rpm -q ca-certificates --changelog | head
* Tue Sep 14 2021 Bob Relyea <[email protected]> - 2021.2.50-72
- Fix expired certificate.
- Removing:
- # Certificate "DST Root CA X3"

You can then reissue the SSL to so that a new one with the new chain is generated.

Was this article helpful?

Related Articles

Leave A Comment?