DST Root CA X3 Expiration (September 2021) for Custom URLsSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } ServiceNow uses Let's Encrypt certificates in Custom URLs. One of the roots used by Let's Encrypt will expire on September 30, 2021. Here is the Let's Encrypt announcement: DST Root CA X3 Expiration (September 2021) Let's Encrypt has prepared another root certificate so that all certificates that are currently valid will not be affected by the expiration. However, the following devices may be affected: Blackberry < v10.3.3Android < v2.3.6Nintendo 3DSWindows XP prior to SP3 cannot handle SHA-2 signed certificates Java 7 < 7u111Java 8 < 8u101Windows Live Mail (2012 mail client, not webmail) cannot handle certificates without a CRL PS3 game consolePS4 game console with firmware < 5.00 Integrations to ServiceNow instances may also be affected if both of the following are true: they are using the Custom URL as the address instead of the <instance>.service-now.com addressthey are in the list above OR they have hardcoded certificates (i.e. their certificate chains are not up to date and specific certificates with specific intermediate/root certificates have been configured as trusted) If you are unable to access a Custom URL after September 30, 2021, and experience certificate errors, please report the issue to Customer Support along with the output of the following command from the affected systems: openssl s_client -showcerts -connect <custom URL>:443Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Please see "Let's Encrypt Old Root expiration" for a detailed discussion of the change.