Last Updated on August 6, 2022 by Thiago Crepaldi
If you recently upgraded to pfSense 2.5, you may have received notifications about some CA/Certificate entries close to expiring. The exact message would be something like “The following CA/Certificate entries are expiring: Certificate Authority: Acmecert: O=Let’s Encrypt, CN=Let’s Encrypt Authority X3, C=US”
The fix is quite simple, just visit System >> Cert Manager >> CAs and find the entry “Acmecert: O=Let’s Encrypt, CN=Let’s Encrypt Authority X3, C=US”. You should see a “Valid until” in yellow, with a near by date (less than 30 days, usually). Note also there is a “X3” in the CA name. Just click on Delete (trash bin icon) and confirm clicking on Ok.
This is safe to do because you must have another CA for Let’sEncrypt which contains “R3” in the name. Something like “Acmecert: O=Let’s Encrypt, CN=R3, C=US”
That is it, have fun!
7 thoughts on “How to fix the X3 CA/Certificate issue after upgrading to pfSense 2.5”
Thanks for this!
I just love your blog, thanks!
quick question. Do you think that having screenshots would improve your experience or a raw text as today is better? I have been considering updating all posts with screenshots, but not sure whether it would make it look too long to follow or something
In my case is “R3” CA that is going to expire. What can i do to update CA cert?
You probably figured by yourself, but the procedure is almost the same. Make sure you have a CA called “Acmecert: O=Internet Security Research Group, CN=ISRG Root X1, C=US” (highlight to ISRG Root X1) and another non expired R3 (aka Acmecert: O=Let’s Encrypt, CN=R3, C=US). If you do, just delete the expired one. Don’t forget to renew all your Let’s Encrypt certificates after that.