[September 24, 2021]
Starting today, we’ve started seeing an increased number of SSL certificate failures, which is due to one of LetsEncrypt root certificates (DST Root CA X3) that’s about to expire within the next few days, on September 30, 2021.
You can read more about this here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
Why is this happening before the expiration date?
Even though the root certificate hasn’t expired yet, some operating systems, including Ubuntu which is what we use on our monitoring nodes, have removed this certificate from their trusted bundle ahead of time with a few days, in order to avoid any issues when the certificate expires. This means that if your websites are still using this root certificate, some of your visitors might be getting SSL errors when accessing your sites; and it also means that our system will see your website as ‘DOWN’ if you have the Verify SSL option active on your uptime monitors.
What can you do?
If you’re affected by this, you should update your SSL certificates immediately, in order to use newer ones that don’t have the expiring root certificate in their chain. You can seek further support about this on LetsEncrypt community forum.
In the meantime, while you’re updating your SSL certificates, you can either disable the Verify SSL option for your uptime monitors or put them under Maintenance Mode, if you wish to avoid the downtime notifications.