Fixing Expired Server Certificates

Owned by BrightSign TechDocs
Last updated: Feb 23, 2024
1 min read

When browsers and players connect via HTTPS, they must get a valid certificate from the server to authenticate a website. The server certificate is issued and validated by a Certificate Authority certificate. These CA certificates have an expiry date, as do all the certificates in the chain that were used to sign it. The certificate on the server may still be valid, but if the root certificate or any other certificate in that chain that signed it expired, you must get a new certificate to protect your server which now has unexpired certificates for each step in the chain to the root CA.

BrightSign recommends that users keep their OS updated. Since BrightSign trusts more current lists of CAs, you will have less chance of encountering certification problems.

If you need to fix this problem, ask your IT department to obtain a new SSL certificate for you and have them install it on the server.

These references provide further information about this issue:

https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/

https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/

https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190