SSL certificate problem

Users of the API are reporting certificate problems. There may be an issue with an old root certificate of the certificate supplier Let’s Encrypt that expired today:

Our technical dept is now checking the issue. We’ll post updates here.

Any ETA on it? We are facing issues at our application and receiving following error.

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired))

We’ve updated the chain of certificates being served. Here’s the current:

Certificate chain
 0 s:/
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

That should fix the problem. If it still does not work for you, you seem to have two options:

  1. The safe way from the link above: trust ISRG Root X1 and upgrade OpenSSL to version 1.1.0 or later
  2. Unsafe but fast: disable CURLOPT_SSL_VERIFYPEER in your code