Back to overview

Expired TLS Certificate Errors

Sep 30 at 03:26pm UTC
Affected services
Licensing & Distribution API

Resolved
Sep 30 at 03:26pm UTC

We are seeing reports of some customers receiving an expired TLS cerificate error when connecting to our APIs. Lets Encrypt's older root cert, DST Root CA X3, expired today, and we are working with customers to resolve this issue for affected devices. To resolve, Let's Encrypt's new root cert, ISRG Root X1, needs to be trusted. Unfortunately, this is currently out of our control and older clients must be updated to trust the new CA

Please upgrade your ca-certificates. For example — on Unix, you will need to upgrade the ca-certificates package; on macOS, you may need to reboot, reinstall OpenSSL >= 1.1 and then upgrade curl to the latest version via Homebrew.

Additional reading and steps to resolve the issues on devices that do not have an up-to-date certificate chain: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Other discussions and links that may help:

We have marked this incident as resolved because it is a client issue, not a server issue. Though, we will continue to monitor if there's anything we can do on our end to lessen its impact. Please reach out if you need assistance upgrading.