Let's Encrypt の証明書と OpenSSL 1.0 系の組み合わせで使っている場合には 6 月以降に問題が出るようなのでメモ。
最近のディストリビューションだと OpenSSL は 1.1 系だと思いますが、CentOS 7 とかだと要注意ということですかね。

OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates - API Announcements - Let's Encrypt Community Support

There is one notable exception: OpenSSL versions 1.0.0 through 1.0.2 will reject the Android-compatible chain, regardless of whether they have ISRG Root X1 in their trust store. If you do nothing, your ACME client will choose the Android-compatible chain by default, which we think is the right choice for most sites. If you know your site or API has to support devices running OpenSSL 1.0.x, you'll want to choose the alternate (shorter) chain that supports OpenSSL instead of Android (and then update to the latest OpenSSL). We think the OpenSSL issue is most likely to affect IoT devices that aren't getting updates from their manufacturer.

このエントリへのTrackbackにはこのURLが必要です→https://blog.cles.jp/item/12292