By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Origin SSL check fails with the NEW Letsencrypt Issuer

0

Certificates on the origin from Letsencrypt worked fine for years now.
Yesterday one of the ssl certificate of a websites got renewed successfully.

But now cloudfront makes a 503 error only for this website (one of many)
other website with an older certifacte from letsencrypt still working fine.

The only difference is that LetsEncrypt now signes with a new issuer
Old issuers was: "Let's Encrypt Authority X3"
New issuer is: "R3"

Issuer Certifactes
https://letsencrypt.org/certificates/

There are two Intermediate certifiactes,
this one make the issue:
https://crt.sh/?id=3479778542

Issuer Statement:
https://letsencrypt.org/documents/isrg-cps-v3.0/

It seams that cloudfront dont trust the certifactes from the new letsencrypt issuer "R3"

Edited by: Zetanova on Dec 5, 2020 9:00 AM

Topics
Networking & Content Delivery
Tags
Amazon CloudFront
Language
English
Zetanova
asked 3 years ago257 views
1 Answer
0

My hosting system virtualmin only renewed the certificate but not the Intermediate certificate.

After updating the Intermediate certificate manually it is working again

Zetanova
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content