I ran into an SSL verification issue today, caused by this change. It seems that some older LetsEncrypt clients have still recently been issuing valid certificates signed by the DST Root CA X3 root.
These certificates would have otherwise continued to work normally until the root expired (September 30th 2021), but have been distrusted early due to this change. (Indeed the certificate in question in my case was still trusted by the latest Chrome etc.) The best fix is to make sure the ACME client is up-to-date and re-issue the certificates under the new root cert. Posting for awareness - surprised I'm the first! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944481 Title: Distrust "DST Root CA X3" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1944481/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
