What has happened

On September 30, 2021, systems that use the IdentTrust DST Root CA X3 root certificate for Let's Encrypt certificate verification will be unable to establish a TLS/SSL connection because the IdentTrust DST Root CA X3 certificate has expired. This root was due to be replaced, but older systems may not be using the new root, ISRG Root X1.

Who is impacted

Any client system that is not using ISRG Root X1 certificate will be impacted by this. This includes many systems from 2016 or earlier.

Impact on MedStack Control users

Some client systems that send requests to MedStack Control such as service webhooks and the API may be unable to send TLS/SSL requests depending on the client system's root certificate.

How to resolve

Systems that do not use the ISRG Root X1 certificate should be updated immediately.

Github Actions

If you encounter this issue with requests sent to MedStack Control services through a Github Action, ensure that the job runs on a system that uses the ISRG Root X1 certificate. The latest linux-based image will support this root certificate.

jobs:
  build:
    runs-on: ubuntu-latest