Old Let's Encrypt CA certificates became invalid on 30.09.2021:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
All TDS certificates are already signed by new Let's Encrypt authority for 6 months approximately. Thanks to cross signing it worked until expiry 30.09.2021.
Therefore you have to make sure that all your tools trust that new CA certificates which were created in 2015 but still is not distributed everywhere.
Issues are usually caused by outdated tools installed or Let's Encrypt certificate missing in trusted CA stores.
Following resolutions help to make CA certs trusted for curl, wget and other system tools, also updates openjdk cacerts store.
Remember to restart Java based applications to take new certificates in use. |
apt-get install ca-certificates ca-certificates-java -y wget https://letsencrypt.org/certs/isrgrootx1.pem -O /usr/local/share/ca-certificates/isrgrootx1.crt update-ca-certificates update-ca-certificates --fresh |
yum install ca-certificates wget https://letsencrypt.org/certs/isrgrootx1.pem -O /etc/pki/ca-trust/source/anchors/isrgrootx1.crt update-cacerts |
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
|