Let's Encrypt Root Certificate expiration Sept 30th 2021

Posted by thirdlane on Fri, 10/01/2021

We would like to inform you that as of 10/01/2021 the rules of operation of free SSL certificates issued by Let's Encrypt have changed.

All technical details are available here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

If you use Let's Encrypt certificates on servers with Thirdlane software, then you will encounter the following problems:

1. The automatic renewal of current certificates will stop working.

In order to generate a fresh certificate in a timely manner (Let's Encrypt certificates expire in 3 months), Thirdlane software checks the expiration date of the current certificate every day and requests a new certificate from Let's Encrypt a week before the expiration. Starting 10/01/2021 this procedure will stop working and the certificate will not be renewed. This problem will be resolved in the next release of Thirdlane software. In the meantime, you can fix the automatic renewal process by running the following command in the server console:

curl -o fix-le.sh https://lib.thirdlane.com/scripts/fix-le.sh && sudo sh fix-le.sh

2. Some devices and phones may have a problem accessing the Thirdlane server.

Since the problem is related to root SSL certificates, which are distributed with the operating system on all computers and other devices such as phones, old devices will stop trusting Let's Encrypt certificates and will receive an error when accessing your server via the HTTPS protocol. This is especially critical for SIP phones if you have provisioning configured via HTTPS / FTPS.
We recommend that you immediately check whether the phone models you are using work with Let's Encrypt certificates after 10/01/2021. This issue cannot be fixed by Thirdlane. It depends only on the firmware and operating systems of the client devices such as phones.

Possible solutions:

Update device firmware.
Put a commercial SSL certificate on the server instead of the free Let's Encrypt certificate.
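
To confirm from outside the server that automatic renewal is working again, the same one-week rule described in item 1 can be checked independently. The script below is an added example, not Thirdlane code: the function names and status labels are assumptions, and the hostname is supplied by you on the command line. It validates the chain against the trust store of the machine it runs on, so it does not tell you what an old phone will accept.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

# The page states that renewal is requested a week before expiration.
RENEW_WINDOW = timedelta(days=7)


def classify(not_after, now, window=RENEW_WINDOW):
    """Classify a certificate from its notAfter string (getpeercert() format).

    Returns (status, whole_days_remaining). A certificate that stays in
    "renewal-due" from one day to the next means renewal is not happening.
    """
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc
    )
    remaining = expires - now
    if remaining <= timedelta(0):
        return "expired", remaining.days
    if remaining <= window:
        return "renewal-due", remaining.days
    return "ok", remaining.days


def check_host(host, port=443, now=None):
    """Handshake with the local trust store and classify the served certificate.

    A chain the local machine cannot validate is reported as "untrusted"
    with OpenSSL's reason, separately from the expiry classification.
    """
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    return classify(cert["notAfter"], now)


if __name__ == "__main__":
    # Usage: python3 le_check.py <your-server-hostname>  (file name is hypothetical)
    status, detail = check_host(sys.argv[1])
    print(f"{sys.argv[1]}: {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

Run daily from cron or a monitoring system, a non-zero exit code signals that the certificate is inside the renewal window, already expired, or not trusted by the checking host.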