Auto Provisioning Failure since October due to the Expired Let's Encrypt ISRG Root X1 CA Cert on Yealink Phone


  • Model: S-Series Cloud PBX, P-Series Cloud PBX
  • Firmware version: Any
  • IP Phone: Yealink and other brand phone use expired ISRG Root X1 CA cert(Especially version before V86)



  • Auto Provisioning failure since October 2021 for Yealink IP phone. 
  • Previously remote phonebook is working, but it starts to have phonebook update failure since October 2021 for Yealink IP phone. 
  • TLS registration failure since since October 2021 for Yealink IP phone.



In this article, we take Yealink IP phone as example.

The Yeastar Hosted Cloud PBX uses Let's Encrypt ISRG Root X1 domain valid certificate. However, the ISRG Root X1 CA certificates loaded on old version Yealink phone have been expired since Oct 6, 2021. 


This will make PBX reject the TLS handshake when doing HTTPS based provisioning processs.



Upgarde the Yealink phone to the latest version (which supported to upgrade to version V86). Because the latest version will include the updated ISRG Root X1 CA certificate.

You can find the new it in the scroll down list. The expiration date has been updated to the year of 2035.

The known affected models:

  • T5X, T41S, T42S, T31(T30,T30P,T31G,T31P,T33P,T33G), 
  • W70B


Older Yealink models

They do not have upgrade to gain the new certificate. The alternative is to manually disable the option "Only Accept Trusted Certificates" on the phone. The known affected models:

  • T23P, T23G, T40G, T41P, T42G, T46G, T48G, T52S
  • W60B





Have more questions? Submit a request


Please sign in to leave a comment.