Re: Certificate expired

On Wed, Mar 15, 2023 at 7:25 PM Sylvie Greverend <
SGreverend(at)harriscomputer(dot)com> wrote:

> I am trying to install postgresql on a new server [ CentOS Linux release
> 7.3.1611 (Core) ]. I have a certificate expired
>
> I had previously installed on other centos servers [same version]
>
>
>
> I posted an error on centos https://bugs.centos.org/view.php?id=18580.
> But they sent me back to [postgresql
>
>
>
> Thank you very much for your help
>
>
>
> On new server
>
> openssl s_client -connect download.postgresql.org:443 -servername
> download.postgresql.org | openssl x509 -dates -noout
>
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
>
> verify error:num=10:certificate has expired
>
> notAfter=Sep 30 14:01:15 2021 GMT
>
> notBefore=Feb 18 09:08:35 2023 GMT
>
> notAfter=May 19 09:08:34 2023 GMT
>
>
>
> date
>
> Wed Mar 15 13:37:56 EDT 2023
>
>
>
> On a server previously installed
>
> openssl s_client -connect download.postgresql.org:443 -servername
> download.postgresql.org | openssl x509 -dates -noout
>
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
>
> verify return:1
>
> depth=1 C = US, O = Let's Encrypt, CN = R3
>
> verify return:1
>
> depth=0 CN = ftp.postgresql.org
>
> verify return:1
>
> notBefore=Jan 30 21:08:05 2023 GMT
>
> notAfter=Apr 30 21:08:04 2023 GMT
>
>
>
> date
>
> Wed Mar 15 13:40:30 EDT 2023
>
>
>

This looks like the machine is picking up the old letsencrypt root. This is
normally fixed if you ensure your ca-certificates package is up to date.
What version of that package are you running with, and have you installed
all available updates to that and openssl? Your command output is
consistent with a machine that's not properly updated.

(You'll note that your reference from the centos page also says there
appears to be nothing wrong with the servers..)

//Magnus