It’s worth noting as well that this affects openssl 1.0.1 even if they
have the new root cert.
So curl on Debian 8, Debian 9, OSX 10.14.6 etc. will report SSL
certificate expired.
Browsers there will work, but APIs might fail.
I wrote about it a little here with a (per-server) workaround:
h
I meant to post this when it happened, and I think I forgot. :-}
The SSL Root cert that underlies Let's Encrypt's root expired on 30-Sept,
and the new root that underlies it is not in the Root Certificate Package of
some still pretty widely deployed OS versions, including OS/X <10.12.1.
Lots of
