====== Why am I seeing "SSL Expired" or "Connection is not private" warning when I access to my website or webmail login page? ======

AfterOffice uses SSL certificates that are issued by [[https://letsencrypt.org/getting-started/|Let’s Encrypt]] for all of our customers' websites and secure webmail login pages. Let's Encrypt has two main root certificate:\\
  * **DST Root CA X3**: An older root certificate that are trusted and recognised by older devices (e.g. Windows XP prior to SP3, MacOS below 10.12.1)
  * **ISRG Root X1**: A newer root certificate that are trusted and recognised by newer devices (e.g. Windows XP SP3 and above, MacOS 10.12.1 and above)

As of Sep 30, 2021, Let's Encrypt has retired and discontinued the use of DST Root CA X3. If you are using an older device -- which do not trust/recognize ISRG Root X1 by default -- to access your HTTP websites or webmail login page, you will get an SSL certificate expiration warning. Read more: [[https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/|Let's Encrypt DST Root CA X3 Expiration]].

To resolve this issue, users are advised to update their device's software/system in order to be compatible with the new root certificate, or, use a newer device with an updated OS/system.

If system upgrade is not available, users who are using the following devices can try to install and trust the new root certificate manually.

  * [[faq:profile:how_to_install_root_cert_win_7|Windows 7]]
  * [[faq:profile:how_to_install_root_cert_macos|MacOS version 10.12 or older]]
  * [[faq:profile:how_to_install_root_cert_iPhone_iOS|iPhone iOS below version 10]]

Reference:
[[https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/|DST Root CA X3 Expiration]], [[https://letsencrypt.org/docs/certificate-compatibility/|ISRG Root X1 Certificate Compatibility]]