Certificates on the origin from Letsencrypt worked fine for years now.
Yesterday one of the ssl certificate of a websites got renewed successfully.
But now cloudfront makes a 503 error only for this website (one of many)
other website with an older certifacte from letsencrypt still working fine.
The only difference is that LetsEncrypt now signes with a new issuer
Old issuers was: "Let's Encrypt Authority X3"
New issuer is: "R3"
Issuer Certifactes
https://letsencrypt.org/certificates/
There are two Intermediate certifiactes,
this one make the issue:
https://crt.sh/?id=3479778542
Issuer Statement:
https://letsencrypt.org/documents/isrg-cps-v3.0/
It seams that cloudfront dont trust the certifactes from the new letsencrypt issuer "R3"
Edited by: Zetanova on Dec 5, 2020 9:00 AM