Temporary solution for resolving issue with LetsEncrypt root certificate
This guide should only be followed if you have a
LetsEncrypt SSL certificate and started having connection issues after
30/09/2021.
On September 30 2021, Let's Encrypt updated their ROOT certificate. This has caused various issues with connectivity for email clients and web traffic, often with a message about an 'expired certificate'. As per their press release (below), the old root certificate 'ISRG Root X1' expired on 30/09/2021 and was updated from their side.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
However, any LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle.
Step 1 - Log into cPanel and click on
SSL/TLS.
Step 2 - Select
Manage SSL Sites.
Step 3 - Under 'Manage Installed SSL Websites', select
Uninstall.
Step 4 - Select
Proceed.
Step 5 - Further down the page under 'Install an SSL Website',
Select the domain corresponding to the SSL Certificate you just uninstalled.
Step 6 - Select
Autofill by domain.
Step 7 - Remove the contents of the
Certificate Authority Bundle box as below. Leave the other boxes as they are.
Step 7 - Select
Install.
This will reinstall the same certificate, but force a re-download of the CA Bundle containing the updated LetsEncrypt ROOT Certificate.
After this has been done, allow a few minutes and restart your email clients, then try to connect again. This should resolve the issue, and we will post more details to our status page as they become available.