khun84/letsencrypt_ca_cert.md

Created October 11, 2021 14:09

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/khun84/c05202a309e3b3140c5711f9c5c2dc4e.js"></script>
Save khun84/c05202a309e3b3140c5711f9c5c2dc4e to your computer and use it in GitHub Desktop.

Download ZIP

How to fix letsencrypt expired root cert

Raw

letsencrypt_ca_cert.md

The reason of this issue is here => https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

So basically we can just remove the expired cert from the ssl cert file as suggested here => https://www.linuxadictos.com/en/ya-iniciaron-los-problemas-generados-por-el-certificado-dst-root-ca-x3.html

My ssl cert file is located in /etc/ssl/cert.pem. I just need to look for the expired cert and comment it out.

Since Im using ruby 2.3.1 which is using openssl 1.0.2t and I dont want to recompile it, I can use the env var SSL_CERT_FILE to tell which ssl cert i want to use in ruby runtime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment