Root cause

Old Let's Encrypt CA certificates became invalid on 30.09.2021:

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

All TDS certificates are already signed by new Let's Encrypt authority for 6 months approximately. Thanks to cross signing it worked until expiry 30.09.2021.

Therefore you have to make sure that all your tools trust that new CA certificates which were created in 2015 but still is not distributed everywhere.

Solutions

Issues are usually caused by outdated tools installed or Let's Encrypt certificate missing in trusted CA stores.

Windows

Importing CA certificate into Windows certificates store

1. Open your favourite Browser
2. Download new Lets's Encrypt ISRG root certificate https://letsencrypt.org/certs/isrgrootx1.pem
3. Double click on downloaded CA certificates and follow import wizard. It can look like this: http://blog.didierstevens.com/2010/10/31/quickpost-adding-certificates-to-the-certificate-store/

Linux

Importing CA certificate into Ubuntu certificates store

Importing CA certificate into CentOS certificates store

• Install latest ca certs package

  yum install ca-certificates

• If it still does not work, download CA certificate in PEM format into /etc/pki/ca-trust/source/anchors/ folder:

  wget https://letsencrypt.org/certs/isrgrootx1.pem -O /etc/pki/ca-trust/source/anchors/isrgrootx1.crt
  update-cacerts

Related articles

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

https://www-root-cz.translate.goog/zpravicky/vyprsel-korenovy-certifikat-dst-root-ca-pouzivany-autoritou-let-s-encrypt/?_x_tr_sl=cs&_x_tr_tl=en&_x_tr_hl=fi&_x_tr_pto=nui

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

• Page:
  Jenkins cleanup
• Page:
  Jira Project Admin guide for beginners
• Page:
  How to make new Lets Encrypt CA certificates trusted
• Page:
  How convert SSH Keys to PPK Format?
• Page:
  How to generate a SSH Key in a Windows