Starting 30th September 2021, users of Smoothwall On-Premise Filter may find certain websites are blocked with the below message:
Users of Cloud Filter are unaffected.
To solve this problem
Download the latest Let's Encrypt R3 Intermediate Certificate from: https://letsencrypt.org/certs/lets-encrypt-r3.pem - or from https://resources.smoothwall.com/hubfs/Knowledge_Base/lets-encrypt-r3.pem if the first link is blocked on your Smoothwall system.
1. Ensure your Smoothwall is on update Leeds-38 or later.
2. On your Smoothwall system navigate to System > Certificates > Certificate Authorities
3. Browse for the downloaded file and click 'Import CA certificate from PEM':
3. This error message is harmless and can be ignored:
4. Find the 'DST Root CA X3's Digital Signature Trust Co. certificate' certificate authority, tick the box to the right and press the delete button at the bottom of the page.
The following steps may not be required, but if you are still experiencing problems then please perform these actions:
5. Clear the cached certificates in Guardian > HTTPS inspection > Settings
6. If the site is still blocked, go to Web Proxy > Settings and press Save and Restart
7. The website should now be accessible with no further changes, but if you are still getting the "Server's certificate has expired" error then please get in touch.
If you have a clustered Parent/Child Smoothwall setup
This certificate should be replicated to all child nodes if you make the change on the parent, but depending on your replication settings this may vary - so check on a child node a few minutes after making the change to ensure that the certificate is present:
The second red cross simply indicates that this certificate was manually imported and is not a concern.