I've been aware of the upcoming expiry of the DST Root CA X3 certificate which expired on 30th September 2021. My ISPconfig install has continued to renew and produce certificates via LE, but it looks like it's continuing to use the old certificate chain going back to the now expired root CA. Here's a typical chain in all my created / renewed certificates as shown by FileZilla: 0 - server certificate ok 1 - Intermediate 1 -> R3 Let's Encrypt - expiring 15/09/2025 2 - Intermediate 2 -> ISRG Root X1 - expiring 30/09/2024 3 - Root -> DST Root CA X3 - expired 30/09/2021 I've read about the issue, LE have detailed it here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ What I don't understand is according to the signing chain detailed here: https://letsencrypt.org/certificates/ the cross-signing doesn't appear to be working, used or recognised. HTTPS certificates seem to be OK when used with Firefox and chrome. FTP is OK when used with FlashFXP. But when using FileZilla, it complains about the expired DST Root CA X3 certificate. So is there something I should do about it? Is it something that should go away in the near future during a renewal? I'm not too worried about it apart from when a client wants to use FileZilla and gets the warnings about the expired root used in the chain.