Netdata Community

Certificate verification error connecting to the cloud

Symptom: Agent can’t connect to cloud after Sep 30th.

2021-10-01 13:13:09: netdata ERROR : ACLK_Main : [mqtt_wss] E: verify error:num=10:certificate has expired:depth=3:/O=Digital Signature Trust Co./CN=DST Root CA X3

TL;DRFor TLS certificates issued by Let’s Encrypt, the root certificate (DST Root CA X3) in the default chain expires on September 30, 2021 . Due to their unique approach, the expired certificate will continue to be part of the certificate chain till 2024. This affects OpenSSL 1.0.2k on RHEL/CentOS 7 servers , and will result in applications/tools failing to establish TLS/HTTPS connections with a certificate has expired message.

As of 24/9/21, upgrading ca-certificates package ( 2021.2.50–72 ) should fix the issue. Version 2021.2.50–72 removes DST Root CA X3 .