Let’s Encrypt root certificate expired (urgent)

After the expiration of Let’s Encrypt root certificates, yesterday, there are many mail applications that can’t access to my box unless they accept the old certificate.

This box is still v.0.30 :frowning: , so I don’t know if there is something I can do with this version and this Ubuntu.

There are 11 software packages that can be updated…

libapt-pkg4.12 (1.0.1ubuntu2.24)
apt (1.0.1ubuntu2.24)
libapt-inst1.5 (1.0.1ubuntu2.24)
apt-utils (1.0.1ubuntu2.24)
apt-transport-https (1.0.1ubuntu2.24)
ubuntu-release-upgrader-core (1:0.220.11)
python3-distupgrade (1:0.220.11)
grub-pc (2.02~beta2-9ubuntu1.17)
grub-pc-bin (2.02~beta2-9ubuntu1.17)
grub2-common (2.02~beta2-9ubuntu1.17)
grub-common (2.02~beta2-9ubuntu1.17)

…but nothing seems to be related to Let’s Encrypt.

I am also afraid that if I reboot… a big certificate problen could arise and make my server unavailable.

Any ideas?
Is there someone withe same problem?

Thank you In advance:
Jeremy

BTW:
Lots of info here about the certificate question: DST Root CA X3 expiry countdown - ISRG/Organizational - Let's Encrypt Community Support

If you have clients that can’t connect to your Mail-in-a-Box anymore, there are two ways you can probably handle this problem:

Thank you, Josh:

So there is nothing I can do from the server? Even updating to v0.54?

Provisioning my own SSL/TLS certificate seems a little bit risky for me. Everything is so well done in MIAB that I am afraid of touching anything out of the standard procedures.

Does anyone know any tutorial or instructions to update a two years old Android ?

Thank you in advance:
Jeremy

It doesn’t really have anything to do with the server.

Provisioning my own SSL/TLS certificate seems a little bit risky for me.

Installing a certificate is actually pretty easy and safe. The only trick is I don’t know if other TLS certificate providers will have the same compatibility issues as Lets Encrypt. Probably the big names (Verisign, Comodo, GoDaddy) will provide certificates with the greatest compatibility. But I haven’t been tracking this issue closely.

You really should upgrade. The longer you wait, the worse it will be.

1 Like

You really need to upgrade - seriously. I am available to perform this for you at my normal rate if so desired, in case your reason for not staying current has been lack of available time.

2 Likes

Just in case someone needs it:

The problem arises even in new Android phones when using mail apps (like Edison Mail or Blackberry Hub for Android).

I´ve found the solution in Reddit: https://www.reddit.com/r/blackberry/comments/pyky4v/comment/heyju7t/?utm_source=share&utm_medium=web2x&context=3

Here is the solution:

Just to let you know. I encountered the same problem. I solved it by deactivating the old root certificate in Android settings manually.

Settings → Security & Location → Encryption & credentials → Trusted credentials

Search there in the system column for the Digital Signature Trust Co. (DST Root CA X3) expired certificate and deactivate it. Restart the Blackberry Hub and voila.