Today Let's Encrypt has expired the old root certificate. This means that old and un-updated operating systems, browsers or mail clients will not be able to connect to servers via SSL. Services and servers that have not yet renewed their root certificate are also affected.
The massive number of certificate renewal attempts caused a failure on the part of Let's Encrypt infrastructure, which may cause the delay in receiving updated certificates. Unfortunately here you need to be patient and wait for the problem to be resolved on Let's Encrypt's side.
Devices that are affected by the certificate expiration are those that are not updated. Users of older versions of macOS 2016 and Windows XP (with Service Pack 3) may experience problems with browsers and devices. Some Android devices may still encounter problems. Let's Encrypt recommends that users running Android (Lollipop) 5.0 install the Firefox browser.
The following messages may appear on your devices:
- The email application cannot verify server identity,
- Cannot verify Server Identity.
What should I do to make the certificate work correctly?
- update your operating system to the latest version,
- update the program you are using to the latest version,
- it may be necessary to clear the browser cache and restart the operating system,
- wait for the certificate update on the server - this operation may take several hours due to the limits imposed by Let's Encrypt.
Remember that the use of up-to-date software is necessary to use the Internet services. Commercial certificates do not have such restrictions (such as renewal frequency limit).
A temporary workaround:
- You can log on to your mail using a web browser by logging on via webmail,
- In the mail settings, you can use a backup mail server by changing the current one, e.g. mail.yourjadomena.pl to fxx.thecamels.org, where xx is the number of the server you are currently on.
For more information see:
- Let's Encrypt issue status on their side
- Android devices with DoT configured; interaction with new default chain
- Help thread for DST Root CA X3 expiration (September 2021)
- Let’s Encrypt’s root certificate has expired, and it might break your devices
Thursday, September 30, 2021