DX Application Performance Management

 View Only

Peer certificate cannot be authenticated after Let's Encrypt CA Expiration on Sept 30th

  • 1.  Peer certificate cannot be authenticated after Let's Encrypt CA Expiration on Sept 30th

    Posted Oct 14, 2021 01:40 AM
    Hello!

    We have noticed a few alerts failing on scattered probes due to a CA expiration issue.

    The error message is:

    <domain> has not been working as specified since 2021-10-06
    04:11:42 GMT (UTC +00:00).
    
    Message: SSL certificate problem: certificate has expired (Peer certificate
    cannot be authenticated with given CA certificates)

    Performing some further investigation our certs are valid Let's Encrypt certs but this came to mind: DST Root CA X3 Expiration (September 2021)

    Letsencrypt remove preview
    DST Root CA X3 Expiration (September 2021)
    Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and we're now using our own ISRG Root X1 for trust on almost all devices. For more details about the plan, keep reading!
    View this on Letsencrypt >


    It would seem this is happening on a subset of nodes within the probe network and I wanted to see if other folks in the community are seeing this issue, and/or if anyone from Broadcom/CA has an eta or work around for these intermittent alerts. Please advise :-) 

    thank you!