https://wpencryption.com/r3-root-expired-not-trusted/ seeing this now... active valid cert and not expired ... yet not trusted .. How do we go about updating the intermidiate... / removing the cert completely....??? can do self signed and then use CF to secure that... but this is no go... HSTS would prefer to remove that... but don't see the setting to remove that..
Non issue - appears to have been my issue.. vs LF issue.. still odd... fix for me... Remove LE Cert > by changing to self signed cert.. odd because normal LE behaviour checks 80 then 443 if no 80 response... verify and fix inbound rules (was using only https had blocked http) re-enabled inbound http rules > verified http good - Changed from forced HTTPS (bad setting if LE needs inbound 80 apparently with LF script - ok by me) > both http * https (disabled hsts) --- due to using CloudFlare - had to also disable https rewrites and make sure inbound 80 was clean... removed the proxy temporarily as well. now able to get inbound without https and working Then - Changed Cert back to LE.. got out and got new cert ... without any issue. Back into CloudFlare and re-enable Proxy & SSL (https) rewrites for all my inbounds Firewall still will allow inbound 80 - which I'm going to also disable until its needed.. but this will server as it being ":My Fault" Now I'll go sit in a corner and complain about why we don't have a DNS Challenge option!!!! ;p
The older LF server versions <3.5.13 or LF servers which do not have enabled the system updates, do not have updated the ca-certificates package which removes the recently expired DST Root CA X3 certificate. This causes the installed Let's encrypt certificate on LF servers is not considered as trusted. To fix that you need to update to >=v3.5.13 first. Then Re-validate the LE certificate in "Admin > System > Certificate" settings.
Yup... Support also noted there was an issue with the AutoUpdater.. I hadn't checked the update - just that I got my daily email report that it was alive.. Since the updater was busted - the server wasn't updating.. So updated it and also set the newer settings to update LF + Server Security - good option there added. However now that I'm all updated - a few more issues now have cropped up.. SSL good - sort of.. for years I've never allowed inbound http at the firewall and rewrite http to https via Cloudflare... all my certs renew because default LE behavior is try http then second go to https and it just works... but probably does require a valid cert.. so initial run - must have http open I guess... I opened then closed it back down - so we'll see how renewals run in Jan now.. ---- Upgrade issues with template / customizations. finding that customizations are a mess.. reponsive menu doesn't work in Admin - at least for me... which is probably a cache issue... but tried another browser and had same issue... so maybe not.. also logo provided doesn't get responsive sizing - and overtakes the entire login screen... (most likely my fault as well but just noting in case its something that wasn't entirely my doing... - I'll forward that info over to support as well.)
