[#ZBX-20031] Let's Encrypt's new ISRG Root X1 not trusted in web scenarios

[ZBX-20031] Let's Encrypt's new ISRG Root X1 not trusted in web scenarios Created: 2021 Sep 30 Updated: 2021 Oct 04 Resolved: 2021 Oct 04
Status:	Closed
Project:	ZABBIX BUGS AND ISSUES
Component/s:	Server (S)
Affects Version/s:	5.4.4
Fix Version/s:	None

Type:

Incident report

Priority:

Trivial

Reporter:

Pierre

Assignee:

Zabbix Support Team

Resolution:

Won't fix

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Description

Steps to reproduce:

Start a zabbix/zabbix-server-pgsql:alpine-5.4.4 docker container with it's related services
In the web GUI, define a host
Create a web scenario pointing on a valid Let's Encrypted domain
In Authentication, check both "SSL verify *" options

Result:
Zabbix problems will claim:
> SSL peer certificate or SSH remote key was not OK: SSL certificate problem: certificate has expired

Expected:
No problem with the web scenario

Suspected:
The root certificate expiration mentioned here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Not sure how to check which openssl version we are using here.
Seems like it's < 1.1.0

Comments

Comment by Dmitrijs Lamberts [ 2021 Oct 04 ]

Does not seem like Zabbix issue.
You already shared URL where this behavior is explained.

Generated at Wed Apr 30 06:35:12 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.