How Can We Help?
< All Topics
Print

Troubleshooting Connection Issues: Unable to Connect to a Remote URL with Let’s Encrypt Certificate on VPS

VPS instances may face certificate expiration errors due to Let’s Encrypt cross-signed DST Root CA X3 expiration, affecting certain operating systems that cannot connect to servers using Let’s Encrypt certificates or access the Let’s Encrypt endpoint after September 30, 2021.

  • CentOS and RHEL 7 or lower
  • Ubuntu 16.04 or lower
  • Debian 8 or lower

Let’s encrypt certificates default to a certificate chain cross-signed by the expired DST Root CA X3 certificate. As of OpenSSL 1.0.2, untrusted chains are preferred, causing affected servers to be unable to issue or renew certificates and losing access to the servers using them.

a) What does the error look like ?

vps

b) How can I solve it ?

To resolve this issue, connect to your VPS via SSH and use the following commands, depending on your Operating System.

CentOS 6

1. First, connect your VPS via SSH.

2. Then, enter and run the yum update openssl* command in it.

CentOS 7

1. First, connect your VPS via SSH.

2. Then, enter and run the yum update ca-certificates command in it.

Debian/Ubuntu

1. First, connect your VPS via SSH.

2. Then, enter and run the apt-get install libgnutls-openssl27 or sed -i ‘s#mozilla/DST_Root_CA_X3.crt#!mozilla/DST_Root_CA_X3.crt#’ /etc/ca-certificates.conf && update-ca-certificates command in it.

Table of Contents