Letsencrypt verification failed

One of my UCS running Let’s Encrypt app generated the same warning yesterday after an update:

/etc/univention/letsencrypt/signed_chain.crt: verification failed

Online search brought back Let’s Encrypt earlier announcements about changes to their intermediate CA certificates.

My current LE certificate was valid, but the absence of the R10 intermediate certificate locally, which was used to issue the LE SSL was failing the UCS diagnostics. I’m not sure if R10 would ever flip to R11 in the future or not, so I downloaded both R10 and R11, created needed symlinks and refreshed the certificates to fix the issue.

wget -O /etc/univention/letsencrypt/lets-encrypt-r10.pem https://letsencrypt.org/certs/2024/r10.pem

wget -O /etc/univention/letsencrypt/lets-encrypt-r11.pem https://letsencrypt.org/certs/2024/r11.pem

ln -s /etc/univention/letsencrypt/lets-encrypt-r10.pem /etc/ssl/certs/lets-encrypt-r10.crt

ln -s /etc/univention/letsencrypt/lets-encrypt-r11.pem /etc/ssl/certs/lets-encrypt-r11.crt

update-ca-certificates -f

Hopefully this will be helpful to someone. Cheers.