SSL certificate expiration on 2021-09-30 using raspberry pi to upload to

API calls after 2021-09-30 14:00:00 UTC return with SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. Did the SSL certificate expire?

I’d say so. Lots of websites are having SSL certificate issues today. Main trust root certificate expired September 30th.

Actually, this might be an issue locally related to certs on my rpi, I am able to manually use the API from a different machine, investigating now.

Client ca-certificate updates did not help, but ran into this:

Let’s Encrypt DST Root CA X3 expiry Sept 30th 2021 | Certify The Web Docs

@grumpson Is this something we need to fix on the Pi or do we need to wait for it to be fixed?

I tend to say it is a local issue on my rpi (fine on my other machines), as a simple wget fails ‘certificate not trusted’ despite attempts to get the latest root cert from Let’s Encrypt, still fighting.

On my Arduino I am still publishing data to…a quick look at my code and I’m not using SSL.

http, not https


I’m using https. Got it sorted, python requests needed to be updated on my rpi.

My pi with sbfspot stopped uploading last night. (Mountain time USA)
Suspect similar issue.

Do you happen to have a document to explain how to do this update for python requests?
or is it the usual suspect: sudo apt-get update & & sudo apt-get upgrade?

This is always a good start:

sudo apt-get update
sudo apt-get upgrade


sudo update-ca-certificates    

If using python,

export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

Check if that is actually being used:

>>> import certifi
>>> certifi.where()

To upgrade requests:

pip install requests -U

or for older python:

pip install requests[security] -U

Further reading here (especially if using old Python versions): Python Requests - How to use system ca-certificates (debian/ubuntu)? | Newbedev

Not sure which python you are using, 2.7 is getting quite troublesome, 3.7+ seems much better on this front as well.

The expired root certificate (DST Root CA X3) has been removed and replaced with new root (ISRG Root X1).

1 Like