{"id":3593,"date":"2021-10-01T14:30:24","date_gmt":"2021-10-01T12:30:24","guid":{"rendered":"https:\/\/geko.cloud\/?p=3593"},"modified":"2021-12-10T12:34:06","modified_gmt":"2021-12-10T11:34:06","slug":"ssl-root-certificates-lets-encrypt-issue","status":"publish","type":"post","link":"https:\/\/geko.cloud\/en\/ssl-root-certificates-lets-encrypt-issue\/","title":{"rendered":"SSL Root Certificates Let&#8217;s encrypt Issue"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"> This issue consists on that clients will wrongly identify correct, valid certificates as invalid, because the CA they are based on is now invalid and the client software was not updated to trust the new CA, so it is now giving these authentication problems. We have identified that this is a problem with older software clients like curl, or older versions of programming languages like php that do not have this CA installed in them and thus fail to access clients with letsencrypt certificates.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Scope<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Affected software versions<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">&#8211; OpenSSL &lt;= 1.0.2<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Windows &lt; XP SP3<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; macOS &lt; 10.12.1<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; iOS &lt; 10 (iPhone 5 is the lowest model that can get to iOS 10)<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Android &lt; 7.1.1 (but &gt;= 2.3.6 will work if served ISRG Root X1 cross-sign)<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Mozilla Firefox &lt; 50<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Ubuntu &lt; 16.04<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Debian &lt; 8<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Java 8 &lt; 8u141<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Java 7 &lt; 7u151<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; NSS &lt; 3.26<br \/>\n-CDN like Cloudflare<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Amazon FireOS (Silk Browser)<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">This is an effect that can not only be felt by users or client applications, but by the application itself. For example, if your application is running on a system using a version lower than the detailed above, like a webserver with openssl 1.0.1, requests to any letsencrypt-backed service will fail.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Remediation<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Solution to this problem is to upgrade the client version of the software stack so it trusts the new root CA as a full solution. You can also patch the issue by modifying your software so it doesn\u2019t check the validity of the CA, although keep in mind that this should be a temporary solution as it is an insecure software practice and should not be left applied in a production environment more time than necessary.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s more technical information about this issue:<\/span><\/p>\n<p><a href=\"https:\/\/letsencrypt.org\/docs\/dst-root-ca-x3-expiration-september-2021\/\"><span style=\"font-weight: 400;\">https:\/\/letsencrypt.org\/docs\/dst-root-ca-x3-expiration-september-2021\/<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021. This issue consists on that clients will wrongly identify correct, valid certificates as invalid, because the CA they are based on is now invalid and the client software was not updated to trust the new CA, so [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3594,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[71,126,67,44],"tags":[120],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSL Root Certificates Let&#039;s encrypt Issue - Geko Cloud<\/title>\n<meta name=\"description\" content=\"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSL Root Certificates Let&#039;s encrypt Issue - Geko Cloud\" \/>\n<meta property=\"og:description\" content=\"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021\" \/>\n<meta property=\"og:url\" content=\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\" \/>\n<meta property=\"og:site_name\" content=\"Geko Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-01T12:30:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-10T11:34:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3648\" \/>\n\t<meta property=\"og:image:height\" content=\"2368\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jose Luis S\u00e1nchez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@geko_cloud\" \/>\n<meta name=\"twitter:site\" content=\"@geko_cloud\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\"},\"author\":{\"name\":\"Jose Luis S\u00e1nchez\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed\"},\"headline\":\"SSL Root Certificates Let&#8217;s encrypt Issue\",\"datePublished\":\"2021-10-01T12:30:24+00:00\",\"dateModified\":\"2021-12-10T11:34:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\"},\"wordCount\":323,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png\",\"keywords\":[\"letsencrypt\"],\"articleSection\":[\"Featured post\",\"Incidents\",\"Labs\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\",\"url\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\",\"name\":\"SSL Root Certificates Let's encrypt Issue - Geko Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png\",\"datePublished\":\"2021-10-01T12:30:24+00:00\",\"dateModified\":\"2021-12-10T11:34:06+00:00\",\"description\":\"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021\",\"breadcrumb\":{\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png\",\"width\":3648,\"height\":2368},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/geko.cloud\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSL Root Certificates Let&#8217;s encrypt Issue\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/geko.cloud\/es\/#website\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"name\":\"Geko Cloud\",\"description\":\"Servicios de consultor\u00eda cloud y devops\",\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/geko.cloud\/es\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/geko.cloud\/es\/#organization\",\"name\":\"Geko Cloud\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"width\":1650,\"height\":809,\"caption\":\"Geko Cloud\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/geko_cloud\",\"https:\/\/www.instagram.com\/gekocloud\/\",\"https:\/\/www.linkedin.com\/company\/gekocloud\",\"https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed\",\"name\":\"Jose Luis S\u00e1nchez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g\",\"caption\":\"Jose Luis S\u00e1nchez\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSL Root Certificates Let's encrypt Issue - Geko Cloud","description":"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/","og_locale":"en_US","og_type":"article","og_title":"SSL Root Certificates Let's encrypt Issue - Geko Cloud","og_description":"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021","og_url":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/","og_site_name":"Geko Cloud","article_published_time":"2021-10-01T12:30:24+00:00","article_modified_time":"2021-12-10T11:34:06+00:00","og_image":[{"width":3648,"height":2368,"url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png","type":"image\/png"}],"author":"Jose Luis S\u00e1nchez","twitter_card":"summary_large_image","twitter_creator":"@geko_cloud","twitter_site":"@geko_cloud","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#article","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/"},"author":{"name":"Jose Luis S\u00e1nchez","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed"},"headline":"SSL Root Certificates Let&#8217;s encrypt Issue","datePublished":"2021-10-01T12:30:24+00:00","dateModified":"2021-12-10T11:34:06+00:00","mainEntityOfPage":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/"},"wordCount":323,"commentCount":0,"publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"image":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png","keywords":["letsencrypt"],"articleSection":["Featured post","Incidents","Labs","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/","url":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/","name":"SSL Root Certificates Let's encrypt Issue - Geko Cloud","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage"},"image":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png","datePublished":"2021-10-01T12:30:24+00:00","dateModified":"2021-12-10T11:34:06+00:00","description":"We have detected an issue regarding letsencrypt certificate CA trust regarding a CA certificate that expired yesterday 30\/09\/2021","breadcrumb":{"@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#primaryimage","url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/rootcertificateissueletsencrypt.png","width":3648,"height":2368},{"@type":"BreadcrumbList","@id":"https:\/\/geko.cloud\/es\/incidente-ca-letsencrypt-30-09-2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/geko.cloud\/en\/"},{"@type":"ListItem","position":2,"name":"SSL Root Certificates Let&#8217;s encrypt Issue"}]},{"@type":"WebSite","@id":"https:\/\/geko.cloud\/es\/#website","url":"https:\/\/geko.cloud\/es\/","name":"Geko Cloud","description":"Servicios de consultor\u00eda cloud y devops","publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/geko.cloud\/es\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/geko.cloud\/es\/#organization","name":"Geko Cloud","url":"https:\/\/geko.cloud\/es\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/","url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","width":1650,"height":809,"caption":"Geko Cloud"},"image":{"@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/geko_cloud","https:\/\/www.instagram.com\/gekocloud\/","https:\/\/www.linkedin.com\/company\/gekocloud","https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ"]},{"@type":"Person","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed","name":"Jose Luis S\u00e1nchez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g","caption":"Jose Luis S\u00e1nchez"}}]}},"_links":{"self":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/3593"}],"collection":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/comments?post=3593"}],"version-history":[{"count":7,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/3593\/revisions"}],"predecessor-version":[{"id":3597,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/3593\/revisions\/3597"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media\/3594"}],"wp:attachment":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media?parent=3593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/categories?post=3593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/tags?post=3593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}