Letsencrypt certificate reported expired starting October 1st 2021
This document (000020401) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 11
Example of error message:
zypper addrepo https://download.opensuse.org/repositories/systemsmanagement:/wbem/SLE_12_SP5/systemsmanagement:wbem.repo Download (curl) error for 'https://download.opensuse.org/repositories/systemsmanagement:/wbem/SLE_12_SP5/systemsmanagement:wbem.repo': Error code: Curl error 60 Error message: SSL certificate problem: certificate has expired
- The lowest level trust root of letsencrypt, the "DST_Root_CA_X3", has expired on September 30th 2021.
- An intermediate CA "ISRG Root X1" which expires 2035 should now be the final root of trust.
- The letsencrypt setup returns both in a chain already ensuring that both are looked at and honored.
- openssl 1.0.2 and older did not handle this situation correctly, and would report the expired status
- This has been caused by the expiry of DST_Root_CA_X3 only.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020401
- Creation Date: 18-Jan-2022
- Modified Date:18-Jan-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com