Over the weekend, we have taken steps to remove the offending expired AddTrust External CA Root from our certificate bundles. This has resolved SSL issues with our API for most of our merchants. We are still working to reissue our certificates in a manner that these much older clients can trust.
Some merchants may still experience issues accessing the Chargify API via a client that does not have updated trusted root certificates.
In the meantime, Chargify merchants can fix this for themselves by adding more recent root certificates to their trust stores. Add either one of these to the certificate store used by your client:
https://crt.sh/?id=1199354https://crt.sh/?id=1720081Note the “Download Certificate: PEM” link on the above webpages to obtain the certificate.
For example, if you are using curl as your client, you can specify a certificate authority file to use:
curl --cacert /etc/ssl/1199354.crt -u API_KEY:X
https://subdomain.chargify.com/subscriptions.jsonThe above is an example. How to install or use the updated certificate is dependent on your client.
You can learn more here:
https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT