SSL certificate issue for *.openfoodfacts.org prevents connection for some old clients

[stephanegigandet]

On some older clients, we have SSL issues when trying to access https://world.openfoodfacts.org:

e.g. on one of my very old servers:

# wget -S -v https://world.openfoodfacts.org
--2021-10-07 13:50:19--  https://world.openfoodfacts.org/
Résolution de world.openfoodfacts.org (world.openfoodfacts.org)... 213.36.253.206
Connexion vers world.openfoodfacts.org (world.openfoodfacts.org)|213.36.253.206|:443...connecté.
ERREUR : le certificat de «world.openfoodfacts.org» n'est pas digne de confiance.

Also reported on Slack:

URL error 60: SSL certificate problem: certificate has expired (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://world.openfoodfacts.org/api/v0/product/80408765.json
This is probably related to letsencrypt expired certificate on Sept 30th 2021:

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

On another server, updating libgnutls30 solved the issue.

apt-get install libgnutls30