Gateways using MQTT / SSL with CA server signed cert from Lets Encrypt is broken

As planned, the Let’s Encrypt DST Root CA X3 cross-sign expired 30th September 2021

Video on the topic - DST Root CAX3 Expiration Sept 2021

They’ve made some changes to keep supporting older android clients, but this makes it incompatible with clients on older versions of openSSL, such as my Rak 7258 on openSSL 1.0.2j

I’ve manually edited the .pem file (on my server) to remove the offending certificate and now everything seems to be working.

I don’t pretend to fully understand this and hope it remains secure! Has anyone else run into this problem? How did you solve it?

I guess the proper fix is upgrading to openSSL 1.1.0+, but I believe that would require new firmware for the gateway

1 Like

What file do you edit? I´m facing issues installing helium gateway-rs service into my RAK7258 gateway and trying to add my gateway to the blockchain. Everything point to the expired certificate will cause a lot of troubles when we need connect the gateways to new and present systems.

Just Like reference Improve curl requests errors handling · Issue #120 · helium/gateway-rs · GitHub