danb35
This sounds like another instance of the clusterf*ck that Let's Encrypt has caused (or at least highlighted) with their recent change in the certificate chain--which isn't helped by the fact that you're using an EOL OS. See:
DST Root CA X3 Expiration (September 2021) - Let's Encrypt
Update Feb 05, 2024 It’s been two years, and the Android compatibility cross-sign mentioned below is close to expiring. See our recent blog post for a detailed explanation of the changes coming over the course of 2024. Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has...
letsencrypt.org
Best answer is probably to download the "Root X1" certificate and install it on the client system(s) as a trusted root CA:
Chain of Trust - Let's Encrypt
Root Certificates Our roots are kept safely offline. We issue end-entity certificates to subscribers from the intermediates in the next section. For additional compatibility as we submit our new Root X2 to various root programs, we have also cross-signed it from Root X1. Active ISRG Root X1...
letsencrypt.org
Or try getting the cert from ZeroSSL instead. Make this change in the Caddyfile to do that:
Code:
{
    # debug
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    email youremailhere
Change acme_ca to https://acme.zerossl.com/v2/DV90, then restart Caddy.