Fresh install with expired DST Root CA X3

I have just install hcp 1.5.1 with debian 11. And installed ssl for a domain. When I do a chain check for ssl, I am getting :

Let’s Encrypt Legacy Chain (Supports older devices)

This Let’s Encrypt chain includes the expired DST Root CA X3 in order to remain compatible with older operating system such as Android 7.0 and lower.

How can I fix it?

It is not an error message but only a warning it can be ignored.


I don’t know how you can disable the older certifcate

No it can not be ignored because some client are getting invalid cert error in chrome. I think because of old windows version.

Not related to hestia: Can't send emails - #23 by eris

Also, Windows 7 isnt supported anymore since a long time…

They have to switch to Firefox.

The old root certificates are not valid any more and can’t be replace by use. It needs to be done by the user it self…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.