The expiration of Let’s Encrypt’s root certificate on Sept 30, 2021 threw up a number of problems, though not perhaps in the areas predicted ahead of the event.
A legacy certificate used by the certificate authority – the IdenTrust DST Root CA X3 – expired on September 30.
Let’s Encrypt saw this issue coming more than two years ago, repeatedly advising its community and subscribers on how to move over to a new root cert.
Chain of fools
As it turned out, systems depending on OpenSSL 1.02 (which has been obsolete since December 2019) accounted for the majority of issue with the Let’s Encrypt root cert transition logged so far.
Big companies with an issue included: Palo Alto, Bluecoat, Cisco Umbrella, Catchpoint, Guardian Firewall, Monday.com, PFsense, Google Cloud Platform, Microsoft Azure Application Gateway, OVH, Auth0, Shopify, Xero, QuickBooks, Fortinet, Heroku, Rocket League, InstaPage, cPanel, Ledger, Netlify, Cloudflare Pages, Sophos, AWS, and DigitalOcean.