We want to provide more information on the Let's Encrypt certificate expiry that occurred earlier today, September 30th, 2021. Impacted customers will see attempts to connect to some websites or APIs fail with errors like "connection failed" or "issued certificate has expired".
Let's Encrypt is a Certificate Authority providing TLS certificates to many websites and services running on the Internet today. As a certificate authority, Let's Encrypt provides a certificate chain that is used by web browsers and applications to validate the certificates used by websites when establishing secure TLS connections. As with all certificates, these certificate chains have an expiry date. To prepare for expiry, Let's Encrypt have been dual signing their certificate chains with both the old certificate (expiring September 30th, 2021) and a new certificate. This is one way Certificate Authorities can handle certificate expiration. While this approach has ensured that many websites and applications are not affected by the Let's Encrypt certificate chain expiry, there is a known issue with OpenSSL where the dual signing of the certificate chain was not handled correctly. OpenSSL versions prior to 1.1.0 do not properly handle dual chains and consider the chain invalid if one of the certificates is expired. Additional information from the OpenSSL Blog can be found here.
For customers seeing impact with an AWS service, including AWS Lambda, AWS Elastic Beanstalk, Amazon OpsWorks, Elastic Load Balancing and Elastic MapReduce (EMR), we are working to apply the necessary fix to the affected services. We have published updated RPMs for the affected Amazon Linux distributions. Customers running AL 2012 or AL2 can refer to this Knowledge Center article for instructions on how to update from the CDN.
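
To find hosts that fall under the "prior to 1.1.0" condition described above, the following added example (not AWS or OpenSSL code) classifies `openssl version` banners against that threshold. The host names and inventory lines are constructed, and the `host|banner` inventory format is an assumption.

```shell
#!/bin/sh
# Added example: triage `openssl version` banners against the 1.1.0 threshold.

# Constructed sample inventory, one "host|banner" pair per line (hypothetical hosts).
SAMPLE_INVENTORY='build-01|OpenSSL 1.0.2k-fips  26 Jan 2017
web-02|OpenSSL 1.1.1g  21 Apr 2020
legacy-api|OpenSSL 0.9.8zh 3 Dec 2015
edge-03|OpenSSL 3.0.2 15 Mar 2022
mac-dev|LibreSSL 2.8.3'

# Print "affected" (older than 1.1.0), "ok", or "unknown" for one banner line.
openssl_chain_status() {
    case $1 in
        OpenSSL\ [0-9]*) ;;
        *) echo unknown; return 0 ;;      # other TLS library or empty output
    esac
    ver=${1#OpenSSL }                     # "1.0.2k-fips  26 Jan 2017"
    ver=${ver%% *}                        # "1.0.2k-fips"
    case $ver in
        *.*) ;;
        *) echo unknown; return 0 ;;      # no minor component to compare
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for part in "$major" "$minor"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 1 ]; }; then
        echo affected
    else
        echo ok
    fi
}

# Read "host|banner" lines on stdin and print the hosts classed as affected.
affected_hosts() {
    while IFS='|' read -r host banner; do
        if [ "$(openssl_chain_status "$banner")" = affected ]; then
            echo "$host"
        fi
    done
}

echo "local: $(openssl_chain_status "$(openssl version 2>/dev/null)")"
printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
```

The banner does not show whether the updated RPMs are installed, so treat `affected` as a prompt to check the host rather than a verdict.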