On 30th Sept 2021, the DST Root CA X3 certificate used by Let’s Encrypt expired causing clients some clients to experience SSL certificate expiry errors.
SSL connections fail with the error below
The certificate issuer's certificate has expired. Check your system date and time.
Mail clients will also fail to connect due to invalid SSL chain.
Details on the issue can be found on the link below
Fixing the error on cPanel
In the cPanel hosting, this has already been resolved by our Support Team. In case you still experience any issues, please reach out to our teams via Ticket/Email, Chat or Call
Fixing the error in tPanel/CWP (Uses Centos 7)
To fix the error in tPanel or CWP running on our VPS, follow the steps below
~$ yum -y update ca-certificates
Once run, you can confirm the updated CA Bundle with the command below
~$ rpm -q ca-certificates ca-certificates-2021.2.50-72.el7_9.noarch
The update ca-certificates-2021.2.50-72.el7_9.noarch replenished the CA Bundles to new ones. This can be confirmed via the command below
~$ rpm -q ca-certificates --changelog | head * Tue Sep 14 2021 Bob Relyea <[email protected]> - 2021.2.50-72 - Fix expired certificate. - Removing: - # Certificate "DST Root CA X3"
You can then reissue the SSL to so that a new one with the new chain is generated.