SonicWALL DPI-SSL: Web Site Connections Certificate Errors

In regards to your case, Let’s Encrypt saw one of its root certificates expired recently, however to correct the issue they obtained a cross-signature from ISRG Root X1 for its own certificate that’s valid for longer than the signing root. Because of this change some clients may need to update, rebing or install this new certificate.

For a SonicWALL Firewall using DPI-SSL this can be accomplish by enabling the “Always authenticate server for decrypted connections” and then “Allow Expired CA” under DPI-SSL > CLIENT SSL, load the failing page, and then it should be safe to disabled this options again. Once this has been done the issue should be resolved for all pages affected by this problem. Another alternative would be to disable DPI-SSL and then Re-enabling it, although this change would be more impacting as it will reset the current proxy connections.