We are seeing compatibility issues for some applications with the new Let's Encrypt X1 certificate chain.
This has been triggered after the old "DST Root CA X3" certificate expired yesterday. Details about the scheduled expiry are here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Customer services are generally available, however, there are some issues with older certificate trust stores and compatibility of the new root certificate chains with old SSL client software (e.g. OpenSSL before 1.1).
For today we are planning the following activities to ensure that your applications continue to run properly or are recovered from malfunctions as quickly as possible:
* Provide Let's Encrypt certificates based on the short chain for the relevant infrastructure components to ensure compatibility with OpenSSL 1.0 based systems.
* Provide updated trust stores for our older platforms (Gentoo and NixOS 15.09).
* Raising awareness with our ops team to quickly pick up compatibility issues that customers experience and provide advice as well as solutions depending on the situation.
* Review all application logs and scan for SSL issues that our monitoring did not pick up otherwise.
* Review customer deployments that might use outdated OpenSSL versions due to pinned versions.
Please contact us through the usual channels if you experience any issues related to our services or your applications.
We are sorry that we did not predict those compatibility issues and their impact early enough.