A couple of days ago, three of our Ubuntu server received an unattended update in which the ca-certificates.crt file was updated.
One of the changes was the removal of the DST Root CA X3 root-certificate. This certificate is used as a root by Let's Encrypt certificates, and is almost expiring.
However, some trickery was applied to make the ISRG Root X1 have an extended lifetime.
What I do know, is that the Erlang SSL implementation does not seem to accept Let's Encrypt certificates anymore with { verify, verify_peer } since the update.
Fetching the same resource from the command line with, say, curl, does not cause any problems.
Has anyone else seen this issue? Is there a solution?
--