Moritz Bastian Posted October 4, 2021 Share Posted October 4, 2021 Hi, I have problems renewing my cert. It always says "R3 certificate has expired". Ubuntu 18.04.5 LTS Certbot Version: 0.27.0 Do I somehow have to delete R3 as ca-cert? All the best, Moritz Link to comment Share on other sites More sharing options...
0 Mohit Posted October 4, 2021 Share Posted October 4, 2021 Hello Moritz, I think there were some issues recently with Lets encrypt ssl certifications. Can you please generate a new one and enable SSL according to https://github.com/ant-media/Ant-Media-Server/wiki/SSL-Setup For self signed certificates you can refer https://github.com/ant-media/Ant-Media-Server/wiki/Frequently-Asked-Questions#how-to-use-self-signed-certificate-on-ant-media-server -- Best Regards, Mohit Dubey Link to comment Share on other sites More sharing options...
0 Joseph Brundige Posted October 4, 2021 Share Posted October 4, 2021 We had this same issue last week and we were forced to purchase a certificate and install it. The letsencrypt cert would not work for users on Mac computers. -- Joseph Brundigep. 424.444.0555m. 310.889.8288northshore.meheyjoe.io Link to comment Share on other sites More sharing options...
0 Moritz Bastian Posted October 4, 2021 Author Share Posted October 4, 2021 Somehow the Website on this Server is working - Port 5443 has problems with an expired certificate - BUT Certificate is the same. Link to comment Share on other sites More sharing options...
0 Mohit Posted October 4, 2021 Share Posted October 4, 2021 Hi, I suspect some issues with Lets encrypt which is causing it to appear as unsure though the Web Panel is very much accessible (SS). Are you using a self signed SSL! -- Best Regards, Mohit Dubey Link to comment Share on other sites More sharing options...
0 Ben Bowler Posted October 5, 2021 Share Posted October 5, 2021 It's an issue with the R3 root cert. Any options to fix? Link to comment Share on other sites More sharing options...
0 Murat Eminoglu Posted October 5, 2021 Share Posted October 5, 2021 Hi everyone, Let me explain this. Let's Encrypt was using "DST ROOT CA X3" for certificates and it has been expired on 30 of September 2021. Because of this, since there are not any new CAs in the clients, certificate errors occurred, and Let's Encrypt now uses "ISGR ROOT X1" and "ISRG ROOT X2" as new Root CAs. To solve the certificate errors, you should import the following certificates (ISGR ROOT X1, ISRG ROOT X2, ) to your computers or other devices. https://letsencrypt.org/certs/isrgrootx1.pem https://letsencrypt.org/certs/isrg-root-x2.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem You may also get a certificate error because the ones in the list below use "DST ROOT CA X3". Windows >= XP SP3 (assuming Automatic Root Certificate Update isn’t manually disabled) macOS >= 10.12.1 iOS >= 10 (iOS 9 does not include it) iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1 Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign) Mozilla Firefox >= 50.0 Ubuntu >= xenial / 16.04 (with updates applied) Debian >= jessie / 8 (with updates applied) Java 8 >= 8u141 Java 7 >= 7u151 NSS >= 3.26 I hope it's clear now. Regards. Link to comment Share on other sites More sharing options...
0 Joseph Brundige Posted October 5, 2021 Share Posted October 5, 2021 Yes, but this is not a good solution because you’d have to tell all your end users about it and most will have no idea how to import those certificates. A better solution is to buy a certificate and replace the let’s encrypt certificate. -- Joseph Brundigep. 424.444.0555m. 310.889.8288northshore.meheyjoe.io Link to comment Share on other sites More sharing options...
0 Murat Eminoglu Posted October 5, 2021 Share Posted October 5, 2021 You could face the same issue when you get a Custom certificate if the CA duration expires or it renews because of an issue. Keeping the client OS side up to date is a good solution. https://letsencrypt.org/docs/certificate-compatibility/ Regards. Link to comment Share on other sites More sharing options...
0 Joseph Brundige Posted October 5, 2021 Share Posted October 5, 2021 I am very confused as to why you think asking end users to perform a complicated task on their system is a better solution than swapping out the SSL certificate? Even brand new Macbook Pros with updated software have this issue. We purchased a wildcard from Setigo and it works great and now all errors are gone. This problem was a nightmare for us last week and cost us a lot of money. I wouldn't recommend anyone stay with Letsencrypt cert. Just my opinion. Joe -- Joe Brundige 310.889.8288 424.444.0555 . Link to comment Share on other sites More sharing options...
0 Gilbert Arias Posted October 6, 2021 Share Posted October 6, 2021 this problem was advised since 2 weeks before it happens its your fault if it catch you out of base, i just simply updated my server same day and no issues comes from lets encrypt side Link to comment Share on other sites More sharing options...
0 Joseph Brundige Posted October 6, 2021 Share Posted October 6, 2021 Thanks Gilbert. How did you update your server? -- Joseph Brundigep. 424.444.0555m. 310.889.8288northshore.meheyjoe.io Link to comment Share on other sites More sharing options...
0 Ben Bowler Posted October 20, 2021 Share Posted October 20, 2021 Do you mean update to the latest version of AMS? Link to comment Share on other sites More sharing options...
Question
Moritz Bastian
Hi,
Link to comment
Share on other sites
Top Posters For This Question
4
2
2
2
Popular Days
Oct 4
5
Oct 5
5
Oct 6
2
Oct 20
1
Top Posters For This Question
Joseph Brundige 4 posts
Mohit 2 posts
Moritz Bastian 2 posts
Ben Bowler 2 posts
Popular Days
Oct 4 2021
5 posts
Oct 5 2021
5 posts
Oct 6 2021
2 posts
Oct 20 2021
1 post
Posted Images
12 answers to this question
Recommended Posts