Gpg4win LetsEncrypt issue

Andrew Gallagher andrewg at
Thu Dec 30 21:53:09 CET 2021

> On 30 Dec 2021, at 16:27, Alex Nadtoka <alex.nadtoka at> wrote:
> Even if I remove root certificate from the server it will be added again on renewal.

It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible and unpatched openssl versions pick the wrong (expired) option. 


More information about the Gnupg-users mailing list