On September 30 2021, DST Root CA X3 expired which affected a lot of websites including my email provider and TMO. But I decided not to give up so I started looking into it. Apparently ISRG Root X1 is added in a CSSU update (i'm on testing) but for some reason it ignored the existent of the CA. After some further digging, I found this note on updating certs so I tried it: parse certdata.txt, transfer certs folder to MyDocs and run cmcli as said, still doesn't work So out of the blue I decided to just google "isrg root x1" and check out Let's Encrypt Chain of Trust. On that page I found root certificates along side with it's PEM files, there's another version with it cross-signed with DST X3 and that's something I never tried before as most of the certs on the device are self signed. I downloaded it and installed it on the device, lo and behold, TMO now loads on my N900 without an error and my email now works again! For good measure, I installed the ISRG X2 cert as well. Now my N900 on Fremantle is useful again.