Let’s Encrypt Certificate issue

Let’s Encrypt Certificate issue

Summary & Quick Fix

Updated on 22nd Oct 2021

If your website cannot verify API, or you see SSL expiration notice in your WP-admin, your hosting provider hasn’t run the update for Let’s Encrypt and OpenSSL yet.

Although it is not our problem, we updated Citadela and the old AIT Framework2 themes. 

We recommend you update your theme to run website again (AIT FW2 users), or to disable the notification in wp-admin (Citadela users). 

Probably you must do a manual update. It means you can delete the theme through Appearance and upload the new zip file. Or you can do that through FTP if you know how to do that.

What to do after the theme update?

Theme update solves just “theme” part of your problem. After this update, please urge your hosting provider because your website can also have problems with other WP resources.

This issue is caused by old SSL certificates on your web hosting, not by our products. However, we decided to make the update to help you ASAP.

Long Story – What did happen at the end of September?

Since the end of Sept, many websites have had an SSL certificate issue due to the end validity of DST Root CA X3 on 30th Sept 2021. The Let’s Encrypt certificate uses its own ISRG Root X1 for trust. 

Besides Let’s Encrypt, hosting providers must run the update of the OpenSSL certificate. It is a critical and common failure these days. 

We double-checked all our certificates several times to be 100% sure they are up-to-date.

We recommend you to check your WordPress Admin Updates dashboard if you see the notification:

AIT Updater could not check updates for plugins. Reason: cURL error 60: SSL certificate problem: certificate has expired

You can also check the validity of your SSL certificate via the lock icon.

What to do in case of expired SSL certificate

If you see an error notification, it means the certificate change was not reflected on your server. You must contact your hosting provider.

Please get in touch with your hosting provider to fix this issue. They must update their servers. Also, it can help you to regenerate a new SSL certificate for your domain.

Your hosting provider must also run the updated version of OpenSSL. Please make sure they updated their servers, as the old OpenSSL version on your hosting will cause the error.

We double-checked our servers and did the update last week before the announced day.

AIT Updater actual version for legacy products

Furthermore, to run your website on AitThemes WP products, you must have AIT Updater version 5.1.3 installed (released on 26th Aug 2021) and your domain API’s save in both inputs:

  • Theme Admin -> AIT Updater 
  • Theme Admin -> Theme Options -> API Key