
The expiration of Let’s Encrypt’s root certificate on Sept 30, 2021 threw up a number of problems, though not perhaps in the areas predicted ahead of the event.

A legacy certificate used by the certificate authority – the IdenTrust DST Root CA X3 – expired on September 30.

Let’s Encrypt saw this issue coming more than two years ago, repeatedly advising its community and subscribers on how to move over to a new root cert.


Chain of fools

As it turned out, systems depending on OpenSSL 1.0.2 (which has been obsolete since December 2019) accounted for the majority of issues with the Let’s Encrypt root cert transition logged so far.

Big companies with an issue included: Palo Alto, Bluecoat, Cisco Umbrella, Catchpoint, Guardian Firewall, Monday.com, pfSense, Google Cloud Platform, Microsoft Azure Application Gateway, OVH, Auth0, Shopify, Xero, QuickBooks, Fortinet, Heroku, Rocket League, InstaPage, cPanel, Ledger, Netlify, Cloudflare Pages, Sophos, AWS, and DigitalOcean.

Read more at:  https://portswigger.net/daily-swig/lets-encrypt-root-cert-update-catches-out-many-big-name-tech-firms

Let’s Encrypt root cert update catches out many big-name tech firms