Hello all, The Let's Encrypt "DST Root CA X3" root certificate expired today, September 30, 2021. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
For most users, this isn't an issue because the newer "ISRG Root X1" certificate is trusted on all new devices. Users with very old devices such as iOS < 10 will see certificate expiration errors. You might want to check your server logs to see if there are "certificate expired" errors. I'm having the following problem, and still searching for the solution: I have a RoundCube server that is now unable to connect to an IMAP server (older qmailtoaster running couriertls). The error in the imap4-ssl log is "sslv3 alert certificate expired". I'm unsure if this error is generated by the server, or the client. Courier is not using the "DST Root CA X3" certificate. I checked the file defined by `TLS_CERTFILE=/var/qmail/control/servercert.pem` and the certificates start with the "ISRG Root X1" certificate. I'm guessing RoundCube isn't configured to trust this "ISRG Root X1" certificate, but I don't know where to find the configuration which tells RoundCube which certificates to trust, still searching… Regards, Quinn
