Oct 1, 2021. LetsEncrypt's DST Root CA X3 Root Certificate is expired.
As a result, if your client(linux server) is not in the compatible list above, there will be an error similar to this:
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt
Are you using Ubuntu 16.04 but not updating it on time?
Then your Ubuntu server couldn't be compatible with ISRG Root X1.
Don't worry, I can help you!
- create or edit
/etc/apt/apt.conf.d/80ssl-exceptionsand put this to avoid cert. error during updating.
Acquire::https::Verify-Peer "false"; Acquire::https::Verify-Host "false";
- run this commands
sudo apt-get update sudo apt-get upgrade
- don't forget to delete
/etc/apt/apt.conf.d/80ssl-exceptionsif you created it in step no.1 instead of modifying it.
rm -rf /etc/apt/apt.conf.d/80ssl-exceptions
This is the solution for Ubuntu. I believe that solutions on other platforms will be shared by experts in each field soon.
Let's save the world.