DirectAdmin Knowledge Base and Support


Let's Encrypt: Chain of trust is NOT ok, expired.

18:41:53 07.10.2021

As of September 30, 2021, as planned, the DST Root CA X3 cross-sign has expired. Old devices, including servers running CentOS 6, are now reporting a broken chain or failed peer verification, with an error such as

ERROR: cannot verify example.net’s certificate, issued by “/C=US/O=Let's Encrypt/CN=R3”: Issued certificate has expired.

when trying to connect over a secure protocol to a host protected by a Let's Encrypt certificate. Here is a quick solution for servers running DirectAdmin.

There are two sides to the problem:

  • the server-side store of CA certificates
  • websites with expired CA certificates

The first issue can be fixed by upgrading the system's set of CA certificates from the OS repository. Use apt/apt-get/yum/dnf for this, depending on the OS you run.

For the second issue, we need to replace the CA certificate for every hosted website. This can become non-trivial on servers with 100+ domains, which is why Poralix has prepared a small script to automate the process.

The script is available on GitHub at the link:

The script can be used to replace the CA root certificate and regenerate the *.combined sets:

  • /usr/local/directadmin/data/users/${USER}/domains/${DOM}.cacert
  • /usr/local/directadmin/data/users/${USER}/domains/${DOM}.cert.combined

for every domain which is protected by a certificate from Let's Encrypt.

To run the script, use the following command (as root):

bash <(curl -Ss https://raw.githubusercontent.com/poralix/directadmin-utils/master/letsencrypt/fix_le_caroot.sh || wget -O - https://raw.githubusercontent.com/poralix/directadmin-utils/master/letsencrypt/fix_le_caroot.sh)

That's it.
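To see which domains still hold an expired certificate in the two files listed above, before or after running the fix, here is an added example (not part of Poralix's script). It assumes the openssl CLI is installed and that the files are PEM bundles; DA_USERS_DIR, count_expired and scan_domains are names made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example: report stored CA files that contain an expired certificate.
# Assumptions: the openssl CLI is installed and the files are PEM bundles.
# DA_USERS_DIR, count_expired and scan_domains are names made up for this sketch.
DA_USERS_DIR="${DA_USERS_DIR:-/usr/local/directadmin/data/users}"

# Print how many certificates in PEM bundle $1 expire within $2 seconds
# (0 seconds = already expired).
count_expired() {
    local bundle="$1" window="${2:-0}" tmp pem n=0
    tmp="$(mktemp -d)" || return 2
    # Write each BEGIN/END CERTIFICATE block to its own file.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { i++; out = sprintf("%s/%03d.pem", dir, i) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$bundle"
    for pem in "$tmp"/*.pem; do
        [ -e "$pem" ] || continue
        if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
            echo "skipping unparseable block in $bundle" >&2
        elif ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
            # -checkend N exits non-zero when notAfter falls within N seconds
            n=$((n + 1))
        fi
    done
    rm -rf "$tmp"
    echo "$n"
}

# Print every *.cacert / *.cert.combined with at least one such certificate.
scan_domains() {
    local window="${1:-0}" f
    for f in "$DA_USERS_DIR"/*/domains/*.cacert "$DA_USERS_DIR"/*/domains/*.cert.combined; do
        [ -f "$f" ] || continue
        if [ "$(count_expired "$f" "$window")" -gt 0 ]; then
            echo "$f"
        fi
    done
    return 0
}

scan_domains "${1:-0}"
```

An empty result means none of the stored files contains an expired certificate; passing a number of seconds as the first argument also lists files with certificates that expire within that window.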
