One of our customers submitted a ticket that the https://primer.com SSL certificate is not valid on their old macbook, due to the expired root.

The certificate itself is set to expire in 2 months - December 30th 2021; and this issue could be possibly related to https://www.ghacks.net/2021/10/02/some-mac-and-android-users-experience-website-connection-issues-caused-by-expired-lets-encrypt-certificates/

Is it possible to switch our certificate? Anything else we can do to fix this issue?

Your root certificate simply expired and you’d need to make sure that gets updated. If your operating system vendor does not offer that you could try to update the certificate manually in your truststore.

Otherwise you could only try to switch CA and get a Digicert certificate. For that you can use the undocumented certificate_authority field of the Cloudflare API v4 Documentation call.

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/[zone_id]/ssl/universal/settings" \
     -H "Content-Type: application/json" \
     -H "X-Auth-Email: [YOUR-EMAIL-ADDRESS]" \
     -H "X-Auth-Key: [YOUR-GLOBAL-API-KEY]" \
     --data '{"certificate_authority": "digicert"}'

Though, that’s rather a workaround and that root certificate will also expire, so it would be best to really rather fix your local truststore. Not only because you’ll have the issue with all other sites with Let’s Encrypt certificates.

Thank you for the answer!

Pleasure. You should find updated certificates at Chain of Trust - Let's Encrypt.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.