Let's Encrypty update causing issues

We have verified that there was an issue (on Cloudways end) with the update of the Let’s Encrypt older root certificate (DST Root CA X3) to their newest version (ISRG Root X1), which is causing some sites not to be able to connect to their MainWP Dashboard.

Cloudways is currently working on a fix, and we do not have an ETA.

You can watch CloudWays status on the problem at https://status.cloudways.com/

This issue may affect other hosts, too, but we only have confirmation from Cloudways.

Information on the Let’s Encrypt change can be found here: DST Root CA X3 Expiration (September 2021) - Let's Encrypt

2 Likes

If you check your MainWP Server Status and see anything less than 1.1 in cURL SSL Version, you’ll need your host to update their OpenSSL install.

A temporary workaround will be to tell your Dashboard to ignore SSL errors by going into Settings–>Advanced Settings and turning off Verify SSL certificate.

3 Likes

I had problems with all my sites on Cloudways and Raiola (OVH). The Raiola ones are fine now, but the Cloudways ones keep crashing.

I am running my MainWP on Cloudways but turning off this option does not help.

I don’t understand this issue…

My MainWP dashboard site is hosted with Cloudways and this site seems to be working fine. This website is running with a default Cloudways URL which is not using a Lets Encrypt certificate.

My child sites are not hosted on Cloudways, but on another host and all my child websites are running with an Lets Encrypt certificate but they all seem to be working fine.

So how is it possible that I can not connect my dashboard site with my child sites? Is there a problem with Cloudways> Or in my specific case; is the problem with the other host where my child sites are running?

Thanks very much for the help :slight_smile:
Alwin

I see that MainWP is not the only plugin affected by this issue. My MainWP dashboard is on another host but I do have a client website installed on cloudways. The MainWP Child Plugin works fine (at least it synchs and updates plugins) but I did find another plugin (not related to MainWP) having an issue.

WPVivid Backup is now having an SSL issue when it attempts to upload the backup to my OneDrive. Here is the error I get:

Backup:failed. cURL error 60: SSL certificate problem: certificate has expired
Backup Type:Cron

I assume there must be a similar problem that MainWP has.

I got in touch with Cloudways support earlier today, and after a couple of hours, I got confirmation that the problem is resolved on their side.

As per my testing, it is solved.

The update is visible on their Status Page.

1 Like

If you use the global settings you have to keep in mind that on the child site the verify ssl setting needs to be use global settings. because if you set yes or no the global settings do not work.

1 Like

I got an update from the Cloudways team about the problem and how they fixed it:

One of the Let’s Encrypt root CAs has expired. We removed that Certificate and updated the list of CA certificates

rm -f /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
update-ca-certificates -f

Then we updated curl on the server and restarted Nginx.

The problem was on Cloudways. So somewhere in the technology stack when your CW server needed to communicate with child sites, the certificate chain didn’t work because it no longer trusted those Let’s Encrypt certs.

3 Likes