Everyone, the DST root certificate we include (DST Root CA X3) expires on September 30, i.e. in two days. OVMS# tls trust list DST Root CA X3 length 1200 bytes 1200 byte certificate: DST Root CA X3 cert. version : 3 serial number : 44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3 subject name : O=Digital Signature Trust Co., CN=DST Root CA X3 issued on : 2000-09-30 21:12:19 * expires on : 2021-09-30 14:01:15* signed using : RSA with SHA1 RSA key size : 2048 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign AFAICT, this root certificate is currently used by the OVMS to validate Let's Encrypt certificates. * https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ * https://letsencrypt.org/docs/certificate-compatibility/ Unfortunately, we missed adding the followup LE root certificate "ISRG Root X1" in time. I've just added that certificate to our builtin certificate repository, but it's too late now to roll out a "main" update in time (isn't it?). So, to prevent losing TLS connectivity with LE servers, users need to manually add the ISRG Root X1 certificate to their TLS repositories. I've added a section on this to our user manual: * https://docs.openvehicles.com/en/latest/userguide/ssltls.html If users contact you, point them to that page. We probably should also remove the expired DST root certificate after September 30. Regards, Michael -- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26