This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WEB Protection certificate expired message for lets encrypt certificates

Hello,

we use the sophos Web Protection with SSL scanning enabled. Since today afternoon we get a "certificate expired" message for websites secured with lets encrypt certificates.

i researched a bit and found out that today a root certificate of lets encrypt expired. i deleted the lets encrypt x3 and r3 CA certificates under Web Protection -> Filtering options->HTTPS CAs. And also deactivated the ISRG Root X1 certificate. Then restarted the Web Protection by toggling the Button under "Web Filtering". The issue still persists.

I also tried to clear the cache under Web Protection -> Filtering options->Misc. with no effect.

a website that is affected for example:https://letsencrypt.org/de/certificates/.org

other websites work quite well.

can someone help?



This thread was automatically locked due to age.
Parents
  • Found an easy fix for this (Thanks AlexRomp and others)

    1. If you see the Digital Signature Trust Co. DST Root CA X3 certificate (Web Protection -> Filtering Options -> HTTPS CAs) disable it

    2. Turn off and back on the "Web Filtering status" button under Web Protection -> Web Filtering.  

    Now after 30 seconds SSL Filtering will back up and everything will start working again

Reply
  • Found an easy fix for this (Thanks AlexRomp and others)

    1. If you see the Digital Signature Trust Co. DST Root CA X3 certificate (Web Protection -> Filtering Options -> HTTPS CAs) disable it

    2. Turn off and back on the "Web Filtering status" button under Web Protection -> Web Filtering.  

    Now after 30 seconds SSL Filtering will back up and everything will start working again

Children
No Data