Mono .Net Core Https Error: TrustFailure (Authentication failed, see inner exception.)

var request = WebRequest.Create("Https://~~~~");

Error: TrustFailure (Authentication failed, see inner exception.)

 

Let's Encrypt Root CA 인증이 2021-09-30 만료되었음. Let's Encrypt https 인증 받는 사이트의 Mono .Net Core 서비스는 Linux 에서 인증오류가 발생함.

Mono applications cannot connect to a website using an SSL certificate issued by Let's Encrypt if their trust store includes the old DST Root CA X3 certificate that expired on 2021-09-30. This is due to a bug in OpenSSL 1.0.2 that is apparently present in Mono's fork of boringssl. Because of a bug openssl picks the expired certificate instead of picking the new one.

The impact is major as this affects any application fetching a remote webpage, or connecting to an API secured by an SSL certificate issued by let's encrypt.

 

On which platforms did you notice this

[ ] macOS
[x] Linux
[ ] Windows

Version Used:

Mono 12, 6.8, 5.2 and 5.1. Problem not present if the trust certificate does not include the expired certificate.

 

참고:

BoringSSL Bug: Cannot connect to websites using let's encrypt SSL certificates - Mono/Mono (issueexplorer.com)