Letsencrypt stopped working on old operating systems

All our domains served by the new version of Caddy stopped working on old operating systems like:
Mac El Capitan
Windows XP

What can I do in the Caddy configuration so it will keep working on those old operating systems?


This is because Let’s Encrypt’s old root CA cert has expired recently.

Old OSes no longer get updates, so they don’t have the new root CA cert for Let’s Encrypt.

Your options are:

  • Yell at your users and tell them to update their insanely outdated software. It’s important for security reasons.

  • Tell your users to install the new root CA cert in their system trust stores.

  • Tell your users to use modern browsers which ship their own trust stores (Firefox and Chrome should at this point; I can’t seem to find which version Chrome started doing this in, but there was talk about it some months ago).

  • Configure Caddy to only use ZeroSSL and not Let’s Encrypt – ZeroSSL’s root CA cert is still trusted on old devices because it’s a subsidiary of Sectigo. To do this, you’ll need to delete your existing certificates in Caddy’s storage issued by Let’s Encrypt, then add this to your config’s global options at the top of your Caddyfile:

    	cert_issuer zerossl
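
As an added example (not part of the original posts and not Caddy's own tooling), this shell script inventories a Caddy storage directory by issuing CA, so the Let's Encrypt-issued certificates mentioned in the last option can be reviewed before they are deleted. It assumes the storage layout `certificates/<issuer-key>/<domain>/<domain>.crt` with issuer keys derived from the ACME directory URL; the function names are hypothetical.

```shell
#!/bin/sh
# Inventory certificates in a Caddy storage directory, grouped by issuing CA.
# Assumption: storage follows the layout
#   <storage>/certificates/<issuer-key>/<domain>/<domain>.crt
# where <issuer-key> is derived from the ACME directory URL, e.g.
#   acme-v02.api.letsencrypt.org-directory   (Let's Encrypt)
#   acme.zerossl.com-v2-dv90                 (ZeroSSL)

# classify_issuer KEY -> prints letsencrypt | zerossl | other
classify_issuer() {
    case "$1" in
        *letsencrypt.org*) echo letsencrypt ;;
        *zerossl.com*)     echo zerossl ;;
        *)                 echo other ;;
    esac
}

# list_certs STORAGE -> one "issuer<TAB>domain<TAB>dir" line per certificate
list_certs() {
    root="$1/certificates"
    [ -d "$root" ] || return 0
    for issuer_dir in "$root"/*/; do
        [ -d "$issuer_dir" ] || continue
        key=$(basename "$issuer_dir")
        issuer=$(classify_issuer "$key")
        for cert_dir in "$issuer_dir"*/; do
            [ -d "$cert_dir" ] || continue
            domain=$(basename "$cert_dir")
            # Only count directories that actually hold a certificate file.
            [ -f "$cert_dir$domain.crt" ] || continue
            printf '%s\t%s\t%s\n' "$issuer" "$domain" "${cert_dir%/}"
        done
    done
}

# letsencrypt_dirs STORAGE -> directories to review before switching issuer
letsencrypt_dirs() {
    list_certs "$1" | awk -F '\t' '$1 == "letsencrypt" { print $3 }'
}

# Stand-alone use: pass the storage directory as the first argument.
# Nothing is deleted; the script only prints what it finds.
if [ "$#" -gt 0 ]; then
    letsencrypt_dirs "$1"
fi
```

Certificates listed under `other` come from an issuer key the script does not recognise and should be inspected by hand.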
