[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[questions] Old certificate chain being sent by list server



Hi,

My MTA is noting an expired certificate in the chain sent sent by
[204.93.207.17] :-

2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=2 error=certificate has expired cert=/O=Digital Signature Trust Co./CN=DST Root CA X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=2 <CN=DST Root CA X3,O=Digital Signature Trust Co.>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=1 error=certificate has expired cert=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=1 <CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US>
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=0 error=certificate has expired cert=/CN=mail0.chi1.ntfo.org
2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=0 <CN=mail0.chi1.ntfo.org> <DNS=mail0.chi1.ntfo.org>

The top line there is the CA of the chain.  I'm unclear if actually all the chain
layers really have expired, or if the failure is propagated from the CA level.

I think this is probably a client certificate chain, my MTA having requested one.


The X3 cert expired Septenber 2021:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
--
Cheers,
  Jeremy
--
This is questions@xxxxxxxxxxxxx
Subscribe: questions+subscribe@xxxxxxxxxxxxx
Unsubscribe: questions+unsubscribe@xxxxxxxxxxxxx