Root cause
Old Let's Encrypt CA certificates became invalid on 30.09.2021:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
All TDS certificates are already signed by new Let's Encrypt authority for 6 months approximately. Thanks to cross signing it worked until expiry 30.09.2021.
Therefore you have to make sure that all your tools trust that new CA certificates which were created in 2015 but still is not distributed everywhere.
Solutions
Issues are usually caused by outdated tools installed or Let's Encrypt certificate missing in trusted CA stores.
Windows
Importing CA certificate into Windows certificates store
- Open your favourite Browser
- Download new Lets's Encrypt ISRG root certificate https://letsencrypt.org/certs/isrgrootx1.pem
- Double click on downloaded CA certificates and follow import wizard. It can look like this: http://blog.didierstevens.com/2010/10/31/quickpost-adding-certificates-to-the-certificate-store/
Linux
Importing CA certificate into Ubuntu certificates store
Importing CA certificate into CentOS certificates store
Install latest ca certs package
yum install ca-certificates
If it still does not work, download CA certificate in PEM format into /etc/pki/ca-trust/source/anchors/ folder:
wget https://letsencrypt.org/certs/isrgrootx1.pem -O /etc/pki/ca-trust/source/anchors/isrgrootx1.crt update-cacerts
Related articles
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/