Question How to fix Lets Encrypt root certificate expiration on 30 September 2021 on centos6

[WSNHosting]

How to fix Lets Encrypt root certificate expiration on 30 September 2021 on centos6

now function curl and file_getcontent not work on website use Lets Encrypt
and i use centos6 can't update or upgrade os but i need fix Lets Encrypt root certificate expiration

thankyou

 

[Monty]

Looks like migrating to a more recent OS is your only choice:

RHEL/CentOS 6 OpenSSL client compatibility after DST Root CA X3 expiration

Thanks for the confirmation, this matches my expectations. Sadly this is not great for those running these old versions. So my initial statement still holds, right now there is not much that can be done for CentOS/RHEL 6. I strongly recommend upgrading, if that's possible in any way shape or...

community.letsencrypt.org

 

[ChristophRo]

It may help if you manually remove the expired "DST Root CA X3" root certificate from the files /etc/ssl/certs/ca-bundle.crt and /etc/ssl/certs/ca-bundle.trust.crt

You can open these files in your editor and search for it. (either it's name or this string "rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq" - as the later is part of this encoded certificate)

Just delete the appropriate section from these files, save and try your luck.

 

[Monty]

Probably won't work on CentOS 6 because it's using openssl 1.0.1. The workaround with removing the expired root requires OpenSSL's partial chain feature, which is only available in 1.0.2 and up

 

[KrazyBob]

How to fix Lets Encrypt root certificate expiration on 30 September 2021 on centos6

now function curl and file_getcontent not work on website use Lets Encrypt
and i use centos6 can't update or upgrade os but i need fix Lets Encrypt root certificate expiration

thankyou

I know that in the past 23 years I've had issues with being unable to change the OS because it would mean having a second machine and migrate everything over. It's a hassle. Plesk has made it a whole lot easier since getting to version 18 and Obsidian. The biggest issue was sites using older versions of PHP and not wanting to lose customers because they would have to rewrite their scripts. But the truth of the matter is that their scripts were so outdated that they were a security risk anyway.

I'm generally the guy that doesn't like other people answering my question by telling me to do something I didn't even ask. I'm going to go against my own grain and ask why you still on Centos 6? You are seriously outdated. Seriously. You don't need to reply but it's something to think about. Remember that you can have older versions of PHP as well as the new ones. But you really need to get those old PHP scripts of your clients upgraded anyway if that's what's slowing you down. It's a whole lot easier to come out from underneath something you planned for than a rooted server. Been there and done that too many times until I fired my administrator and started doing it myself. I love to read his LinkedIn profile where he claims to be a security expert. Laughable. I digress.

But seriously. You are really really outdated. You don't need to reply.

 

[Tozz]

The biggest issue was sites using older versions of PHP and not wanting to lose customers because they would have to rewrite their scripts.

In my experience it's best to do upgrades as fast as you can do them. It makes for small incremental changes, which allows customers to keep up instead of bumping a couple major versions every decade or so. And it also learns your customers that a website needs maintenance and is not a 'upload and forget'-thing.