I get an SSL error when AWS Lambda invokes dependencies that use a Let's Encrypt certificate.
Some AWS Lambda .NET Core and Ruby runtimes are experiencing certificate errors because the DST Root CA X3 certificate that cross-signs the Let's Encrypt chain has expired. For compatibility purposes, Let's Encrypt certificates default to a certificate chain that's cross-signed by the DST Root CA X3 certificate, which expired on September 30, 2021. OpenSSL versions 1.0.2 and earlier return an error when one of the verification paths is invalid, even when another valid path exists, which prevents the successful establishment of SSL/TLS connections.
The following resolution removes the expired CA from the CA bundle and forces the system to use the file provided by the layer instead of the file packaged with the base system. OpenSSL versions 1.0.2 and earlier are forced to validate Let's Encrypt certificates using the alternate path provided in the environment variables.
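The bundle-filtering step described above, as an added Ruby example (not AWS's own tooling): it drops every certificate that has expired from a PEM CA bundle, which generalizes the removal of the single DST Root CA X3 entry. The helper names and the two self-signed certificates are constructed for the demonstration; `SSL_CERT_FILE` is OpenSSL's standard variable for an alternate bundle, and the file name in the comment is an assumption.

```ruby
require "openssl"

# Return the certificates of a PEM CA bundle split into those still valid at
# `now` and those already expired, plus the rebuilt bundle without the latter.
def filter_ca_bundle(pem_bundle, now: Time.now)
  blocks = pem_bundle.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  certs = blocks.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  kept, removed = certs.partition { |cert| cert.not_after > now }
  { pem: kept.map(&:to_pem).join,
    kept: kept.map { |c| c.subject.to_s },
    removed: removed.map { |c| c.subject.to_s } }
end

# Constructed self-signed test root; not a real CA certificate.
def make_test_root(cn, not_before, not_after, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Constructed Example/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed two-certificate bundle: one root that expired on 2021-09-30
# (stand-in for DST Root CA X3) and one that is still valid.
def constructed_bundle
  key = OpenSSL::PKey::RSA.new(2048)
  expired = make_test_root("DST Root CA X3 stand-in", Time.utc(2000, 9, 30), Time.utc(2021, 9, 30), key)
  valid = make_test_root("Still Valid Test Root", Time.utc(2015, 6, 4), Time.utc(2035, 6, 4), key)
  expired.to_pem + valid.to_pem
end

if __FILE__ == $PROGRAM_NAME
  result = filter_ca_bundle(constructed_bundle, now: Time.utc(2021, 10, 1))
  puts "removed: #{result[:removed].inspect}"
  puts "kept:    #{result[:kept].inspect}"
  # The filtered PEM is what would be written to the layer's bundle file, e.g.
  # File.write("ca-bundle.crt", result[:pem]), with OpenSSL's SSL_CERT_FILE
  # environment variable pointing at its deployed path (path is an assumption).
end
```

Reviewing the `removed` list before publishing the layer confirms that only expired roots were dropped and no CA that is still trusted went with them.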
Important: The system's trust store is frequently updated to include new CA root cer