Symptoms
We are currently facing an issue in which domains that use an SSL certificate from Let's Encrypt are showing the server's hostname as the common name, instead of the actual domain name that is on the certificate. This is causing browser errors and email client errors.
Description
This is related to the recent expiration of the DST Root CA X3 Cert from Let's Encrypt. We believe this to be causing issues with the SNI configuration. Further details on this can be found here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
We've opened an internal case for our development team to investigate this further. For reference, the case number is UPS-403 (internal case CPANEL-38820). Follow this article to receive an email notification when a solution is published in the product.
Workaround
Our development team has published an autofixer for this issue that can run manually using the following command:
/scripts/autorepair update_lets_encrypt_cabundles2
If this command has not been run manually, it will run automatically as a part of your nightly cPanel update cronjob. Please note, this command will run only once during the update. Once the autofixer is performed, It will not run as a part of the nightly update moving forward.
Comments
1 comment
At this time, we have pushed out an Autofixer to resolve most of the issues surrounding the old SSL certificates. We are continuing to work on fully resolving the issue. Please standby for more updates. Thank you for your continued patience.
Article is closed for comments.