As of September 30th, 2021, the DST Root CA X3 certificate that is used in the chain of trust for Let’s Encrypt expires causing clients that do not recognize ISRG Root X1 to fail security checks when accessing sites that use Let’s Encrypt for their SSL provider.
The details about this issue can be found in the following post made by Let’s Encrypt about this issue
The problem is not specific to the MediaCP software and affects many users using LetsEncrypt certificates. Many cPanel users are also experiencing the problem are also experiencing the problem.
Our technical team have done some further research and we’ve written this guide on how to solve the problem on any CentOS or Debian machine.
How to check if you are affected?
Checking for the issue is simple, run the following on your MediaCP system (replacing your-domain.com with your actual domain name).
curl https://your-domain.com:2020 > /dev/null
If there is a problem then you will see the error “(60) SSL certificate problem: certificate has expired” but do not worry, your certificate is not necessarily expired and the solution is simple.
Workaround
CentOS 7+
For servers running CentOS 7 or higher, the issue has been solved in recent operating system updates. We recommend running the following on your system as root user.
yum clean all; yum -y update; yum -y install ca-certificates; yum -y update ca-certificates; update-ca-trust;
Debian Servers
For Debian servers, the problem can be solved simply by running the following on your system as root:
mv /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt.backup; sudo update-ca-certificates;