cURL on Ubuntu 14: all Let's Encrypt certificates are expired (error 60)

The reason is that the "DST Root CA X3" certificate has expired yesterday.

To fix it, just disable the certificate on your server. Run:

sudo dpkg-reconfigure ca-certificates

On the first screen that prompts "Trust new certificates from certificate authorities?" choose "yes". On the next screen press the down arrow key on your keyboard until you find mozilla/DST_Root_CA_X3.crt, press the space bar to deselect it (the [*] should turn into [ ]) and press Enter.


Edit the file /etc/ca-certificates.conf

Find and comment with ! the line like this

!mozilla/DST_Root_CA_X3.crt

Save the file and update certificates with command

sudo update-ca-certificates


FYI on CentOS like (RPM Based) systems, use:

yum reinstall ca-certificates