Trouble with Let's Encrypt cross-signed certificate?


I’ve been using a third-party library (pyTwitchAPI) for subscribing to events for a few months. But last week my app stopped working out of the blue, with no code change on my part.

I checked with several library users but everything is fine with them. I’ve yet to do more thorough debugging but I strongly suspect this has something to do with my X.509 certificate, which is issued by Let’s Encrypt.

More precisely my cert is issued by ‘Let’s Encrypt R3’, which was cross-signed by both a valid root (ISRG Root X1) and another root (IdenTrust) which expired on September 30th. Which is exactly the day my app stopped working.

It’s related to some issues e.g. a plain wget on my server from my Debian 10 fails with a ‘certificate has expired’ error, even though I’m actually presenting the new, valid root.

Could it be that Twitch stopped trusting the R3 certificate altogether because of the cross-signature?

See this post

Which describes a solution

Thanks for the quick reply, I’ll validate the answer once I’ll get to check.