Certificate-based logins rejected today - June 6th, 2024 due to Let's Encrypt intermediate chain rotation

I wanted to post this because earlier today we experienced a lockout of our remote access to Atlas using credential based access keys. We have a 1 year expiration on an account that suddenly could not authenticate on any host to Atlas, despite the server being online.

Did a little digging and recreated the certificate; all of a sudden logins are working again.

I reviewed a previous forum entry here: "Keep getting ServerSelectionTimeoutError - #11 by Stennie_X", which discussed an issue with Let's Encrypt rotating the root certificate in 2021, which force-expired a lot of credentials reliant on the old root CA.

So I took a look at Let's Encrypt's page and discovered that they are rotating intermediate certificates as of today (June 6th, 2024) → Deploying Let's Encrypt's New Issuance Chains - Let's Encrypt

It is my assessment that this change is causing existing certificate logins to Atlas to fail, and they will need to be recreated to bypass this issue.

On **Thursday, June 6th, 2024**, we will be switching issuance to use our [new intermediate certificates](https://letsencrypt.org/2024/03/19/new-intermediate-certificates). Simultaneously, we are removing the DST Root CA X3 cross-sign from our API, aligning with our strategy to shorten the Let’s Encrypt chain of trust. We will begin issuing ECDSA end-entity certificates from a default chain that just contains a single ECDSA intermediate, removing a second intermediate and the option to issue an ECDSA end-entity certificate from an RSA intermediate. The Let’s Encrypt staging environment will make an equivalent change on April 24th, 2024.

Logging here in case it helps anyone else, as I envision we won’t be the only users locked out unexpectedly.
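The following is an added example, not part of the original post and not MongoDB or Let's Encrypt code. It shows one way an intermediate rotation can break TLS validation: a client that trusts only the old intermediate rejects a leaf issued from the new one, while a client that trusts the root is unaffected. It assumes the client pins or bundles an intermediate, which the post does not confirm. All names and certificates are constructed in a throwaway lab PKI, and the helper functions are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed lab PKI; every name is made up (not Let's Encrypt or Atlas material).
# Layout: Lab Root -> {old, new} intermediate -> one server leaf under each.

newkey() {  # newkey <basename> <CN>: writes <basename>.key and <basename>.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

sign() {  # sign <csr> <issuer cert> <issuer key> <extension file> <out cert>
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -extfile "$4" -days 30 -out "$5" 2>/dev/null
}

build_lab() (  # build_lab <dir>; subshell body keeps the caller's cwd untouched
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext
  newkey root "Lab Root"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 30 -out root.pem 2>/dev/null
  for gen in old new; do
    newkey "int_$gen" "Lab Intermediate $gen"
    sign "int_$gen.csr" root.pem root.key ca.ext "int_$gen.pem"
    newkey "leaf_$gen" "db.example.test"
    sign "leaf_$gen.csr" "int_$gen.pem" "int_$gen.key" leaf.ext "leaf_$gen.pem"
  done
)

# verify_with <trust anchor file> <chain sent by server> <leaf>
# -partial_chain lets a non-root certificate in the trust file act as the anchor,
# which is what pinning an intermediate amounts to.
verify_with() {
  openssl verify -partial_chain -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

report() {  # report <label> <trust file> <chain file> <leaf file>
  if verify_with "$LAB/$2" "$LAB/$3" "$LAB/$4"; then echo "$1: accepted"
  else echo "$1: REJECTED"; fi
}

LAB=$(mktemp -d)
build_lab "$LAB" || exit 1
report "old intermediate pinned, before rotation" int_old.pem int_old.pem leaf_old.pem
report "old intermediate pinned, after rotation"  int_old.pem int_new.pem leaf_new.pem
report "root trusted, after rotation"             root.pem    int_new.pem leaf_new.pem
```

To see which intermediate a real endpoint currently serves, compare the issuer lines printed by `openssl s_client -connect <host>:<port> -showcerts` against the CA bundle your client is configured with.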