SUSE Support

Here When You Need Us

Letsencrypt certificate reported expired starting October 1st 2021

This document (000020401) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11

Situation

TLS or HTTPS services using letsencrypt certificates report the certificates no longer being valid or being expired even though the actual certificate is not expired.

Example of error message: 
zypper addrepo https://download.opensuse.org/repositories/systemsmanagement:/wbem/SLE_12_SP5/systemsmanagement:wbem.repo
Download (curl) error for 'https://download.opensuse.org/repositories/systemsmanagement:/wbem/SLE_12_SP5/systemsmanagement:wbem.repo':
Error code: Curl error 60
Error message: SSL certificate problem: certificate has expired



 

Resolution

Update has been released for "openssl 1.0.2". Please update to these versions.
SLE11: openssl-certs-2.44-0.7.24.1
SLE12: ca-certificates-mozilla-2.44-12.34.1
 

Cause

Reason:
  • The lowest level trust root of letsencrypt, the "DST_Root_CA_X3", has expired on September 30th 2021.
  • An intermediate CA "ISRG Root X1" which expires 2035 should now be the final root of trust.
  • The letsencrypt setup returns both in a chain already ensuring that both are looked at and honored.
  • openssl 1.0.2 and older did not handle this situation correctly, and would report the expired status
  • This has been caused by the expiry of DST_Root_CA_X3 only.

Additional Information

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020401
  • Creation Date: 29-Sep-2021
  • Modified Date:18-Jan-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center