Short description
Some VPS instances might be experiencing expired-certificate errors because the DST Root CA X3 certificate, which cross-signs the default Let's Encrypt chain, has expired. Instances running the following operating systems might not be able to connect to servers that use Let's Encrypt certificates. These operating systems might also be unable to reach the Let's Encrypt endpoints to issue or renew certificates after September 30, 2021:
CentOS and RHEL 7 or lower
Ubuntu 16.04 or lower
Debian 8 or lower
For compatibility purposes, Let's Encrypt certificates default to a certificate chain that is cross-signed by the DST Root CA X3 certificate, which expired on September 30, 2021.
With OpenSSL 1.0.2, the untrusted chain is always preferred. This means that the expired certificate is seen and the entire chain is distrusted as expired. Servers with the affected version of OpenSSL and the DST Root CA X3 certificate in their root store can't issue or renew Let's Encrypt certificates. Impacted servers also can't connect to other servers that use Let's Encrypt certificates.
What does the error look like?
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
How to fix it?
To fix the issue, connect to your VPS via SSH and run one of the commands below, depending on your operating system:
CentOS 6
yum update 'openssl*'
CentOS 7
yum update ca-certificates
Debian/Ubuntu
apt-get install libgnutls-openssl27
or
sed -i 's#mozilla/DST_Root_CA_X3.crt#!mozilla/DST_Root_CA_X3.crt#' /etc/ca-certificates.conf && update-ca-certificates
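The Debian/Ubuntu edit above, written as an added example (not part of the original article) that checks the current state first, keeps a backup, and is safe to run more than once. The function names are hypothetical, and treating OpenSSL builds older than 1.0.2 as affected is an assumption beyond what the article states.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# The default path is the file the article's sed command edits.

# openssl_prefers_expired_chain "<output of: openssl version>"
# Returns 0 for OpenSSL 1.0.2 (the version the article names) and, as an
# assumption, for older 1.0.x / 0.9.x builds; returns 1 otherwise.
openssl_prefers_expired_chain() {
    case "$1" in
        "OpenSSL 1.0."*|"OpenSSL 0.9."*) return 0 ;;
        *) return 1 ;;
    esac
}

# dst_root_state [conf]  -> prints enabled | disabled | absent
# In ca-certificates.conf a leading "!" deselects a certificate.
dst_root_state() {
    conf=${1:-/etc/ca-certificates.conf}
    if grep -q '^mozilla/DST_Root_CA_X3\.crt$' "$conf"; then
        echo enabled
    elif grep -q '^!mozilla/DST_Root_CA_X3\.crt$' "$conf"; then
        echo disabled
    else
        echo absent
    fi
}

# disable_dst_root [conf]
# Same substitution as the article's sed command, but anchored to the whole
# line so a second run cannot turn "!mozilla/..." into "!!mozilla/...".
# The file is only rewritten when the entry is currently enabled, and the
# previous contents are kept in <conf>.bak.
disable_dst_root() {
    conf=${1:-/etc/ca-certificates.conf}
    [ "$(dst_root_state "$conf")" = enabled ] || return 0
    cp -p "$conf" "$conf.bak" &&
    sed 's#^mozilla/DST_Root_CA_X3\.crt$#!mozilla/DST_Root_CA_X3.crt#' \
        "$conf.bak" > "$conf"
}
```

After `disable_dst_root` changes the live file, run `update-ca-certificates` as in the article's command so the trust store is rebuilt.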