How to fix Let’s Encrypt's expiring DST Root CA X3 certificate on CentOS 7

Further to: Let's Encrypt's Root Certificate is expiring

Just run this in terminal:

rpm -qa | grep ca-certificates-2021.2.50-72.el7_9.noarch || yum update -y ca-certificates
1 Like

Corresponding tweet for this thread:

Share link for this tweet.


Honestly I’m curious, if people aren’t keeping their servers root certificate store updated, then what other lack of security is existing as well? If your root certificate has been updated at all in the past many years, you’d already be good for the old LE root non-dedicated certificate expiring as you would already have their own dedicated root certificate by this point.

1 Like

CentOS published that just 2 weeks ago:


1 Like

The last one was in early 2020? And it didn’t include the cert either? Surprising, lol

1 Like

RH don’t care about CentOS anymore :lol:

Can’t wait for #rocky Linux to get a stable release (can’t be far off now)

1 Like

Lol, for a long time apparently. ^.^;

1 Like