As of Friday 1st October 2021, we've become aware of an issue impacting sites that use a Let's Encrypt SSL certificate. This is due to their certificate expiring; however, it is a certificate used by a vast array of websites, so you are likely to encounter issues.


Below is what you will see if this is the issue:



Please do the following to resolve the issue:


For users on Ubuntu 16.04 (USS Gateway version 1.1.x/1.2.x)


1. Log into your USS Gateway via PuTTY or Virtual Machine, then run the following commands:


sudo su


apt-get update


apt-get -y dist-upgrade


nano /etc/ca-certificates.conf


2. Within this file, please find the line that reads mozilla/DST_Root_CA_X3.crt and change it to !mozilla/DST_Root_CA_X3.crt (i.e. add the exclamation point at the beginning).

 

Save and exit by hitting CTRL+O and CTRL+X.


3. Run the following commands:


mv /usr/local/share/ca-certificates/Lets-Encrypt-R3.crt /root

 

mv /usr/local/share/ca-certificates/DSTRootCAX3.crt /root


If you receive an error at this point, it means that the certificate has already been removed by the update performed in step 1, and you can just carry on with the remaining steps.


update-ca-certificates --fresh


4. Finally, either reboot or restart the proxy process from the proxy UI.


For users on Ubuntu 14.04 (USS Gateway version 1.0.x)


1. Log into your USS Gateway via PuTTY or Virtual Machine, then run the following commands:


sudo su


nano /etc/ca-certificates.conf


2. Within this file, please find the line that reads mozilla/DST_Root_CA_X3.crt and change it to !mozilla/DST_Root_CA_X3.crt (i.e. add the exclamation point at the beginning).

 

Save and exit by hitting CTRL+O and CTRL+X.


3. Run the commands:


mv /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt /root


update-ca-certificates --fresh

 

4. Restart the squid process by running the following commands:


/etc/init.d/uss-squid stop


/etc/init.d/uss-squid start
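
Step 2 of either procedure can also be done without opening nano. The following is an added example, not vendor-supplied code: the function names are hypothetical, and it assumes the file contains the entry exactly as quoted in step 2. It backs up the file, adds the exclamation point only to that one line, and can be run repeatedly without harm. The second function checks whether a link to the deselected certificate is still present in the trust directory, which is what update-ca-certificates --fresh clears.

```shell
#!/bin/sh
# Added example (not vendor code): scripted form of the nano edit in step 2.
ENTRY='mozilla/DST_Root_CA_X3.crt'         # line named in step 2
DESELECTED='!mozilla/DST_Root_CA_X3.crt'   # same line with the leading "!"

# deselect_dst_root [FILE]
# Returns 0 if the entry is deselected afterwards (changed now or already done),
# 1 if the file is missing or cannot be written, 2 if the entry is not in the file.
deselect_dst_root() {
    conf=${1:-/etc/ca-certificates.conf}
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    if grep -qxF "$DESELECTED" "$conf"; then
        echo "already deselected in $conf"
        return 0
    fi
    if ! grep -qxF "$ENTRY" "$conf"; then
        echo "entry not found in $conf" >&2
        return 2
    fi
    # Keep a copy, then rewrite in place so ownership and mode are unchanged.
    cp -p "$conf" "$conf.bak" || return 1
    # Anchored on both ends: only the exact line is prefixed with "!".
    sed 's|^mozilla/DST_Root_CA_X3\.crt$|!&|' "$conf.bak" > "$conf" || return 1
    grep -qxF "$DESELECTED" "$conf"
}

# dst_root_link_present [DIR]
# update-ca-certificates links each selected certificate into /etc/ssl/certs
# as <name>.pem. Returns 0 while such a link for DST Root CA X3 still exists,
# including a dangling one left behind after the .crt file was moved away.
dst_root_link_present() {
    dir=${1:-/etc/ssl/certs}
    [ -e "$dir/DST_Root_CA_X3.pem" ] || [ -L "$dir/DST_Root_CA_X3.pem" ]
}

# Usage as root, in place of step 2 and as a check after step 3:
#   deselect_dst_root && update-ca-certificates --fresh
#   dst_root_link_present && echo "DST Root CA X3 is still linked"
```
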