Let's Encrypt! SSL certificates no longer accepted?

Jeroen Koops koops.j@REDACTED
Mon Sep 27 15:41:11 CEST 2021

A couple of days ago, three of our Ubuntu server received an unattended
update in which the ca-certificates.crt file was updated.

One of the changes was the removal of the DST Root CA X3 root-certificate.
This certificate is used as a root by Let's Encrypt certificates, and is
almost expiring.

>From what I read about the subject (
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/) this was
planned, and the idea was that the ISRG Root X1 certificate which signs an
alternate chain for Let's Encrypt certificates, will take over.
However, some trickery was applied to make the ISRG Root X1 have an
extended lifetime.

What I do know, is that the Erlang SSL implementation does not seem to
accept Let's Encrypt certificates anymore with { verify, verify_peer }
since the update.

Fetching the same resource from the command line with, say, curl, does not
cause any problems.

Has anyone else seen this issue? Is there a solution?

Jeroen Koops

M: koops.j@REDACTED
T: +31-6-55590300
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20210927/57811a6c/attachment.htm>

More information about the erlang-questions mailing list