Affected services:

  • Network & Connectivity

Let's Encrypt DST Root CA X3 Expiration

Opened on Thursday 30th September 2021, last updated

Resolved — We have deployed a fix provided by cPanel which will help with any residual problems. If you continue to have issues pertaining to SSL, please open a ticket with our support team. Thank you.

Posted by Krystal

Monitoring — In addition to the last update, we are aware of a display issue within cPanel that shows the certificate is invalid. This is being investigated and we are in communication with cPanel. The error appears cosmetic and from what we have observed, does not affect functionality. We are also aware of some external monitoring vendors who are having difficulty due to their own systems not being updated. This is causing downtime reports when sites are online. We would recommend looking at your vendor's service status page to verify.

Posted by Krystal

Monitoring — We are seeing some users contact us regarding issues with older web browsers or older mail clients showing SSL errors when connecting to a service with us. This is due to Let's Encrypt dropping support for an older root CA: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ To resolve this, the client software must be updated to one that is compatible with ISRG Root X1. A list of devices confirmed to be compatible with this can be seen here: https://letsencrypt.org/docs/certificate-compatibility/ Please note that this is not a Krystal-specific issue, and any software (web browsers, mail clients) impacted by this will also be unable to connect to any other web sites or mail servers which use Let's Encrypt

Posted by Krystal