Re: Expired cert

It appears the issue isn't fully resolved. I still see the expired root
certificate DST Root CA X3 with openssl:

% openssl s_client -connect www.postgresql.org:443 -servername
www.postgresql.org

CONNECTED(00000007)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
0 s:/CN=www.postgresql.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

Best,
Edward Breen
Software Engineer
Wexus Technologies Inc.
ebreen(at)wexusapp(dot)com

On Wed, Nov 24, 2021 at 11:35 AM Jim Mlodgenski <jimmy76(at)gmail(dot)com> wrote:

> On Fri, Oct 8, 2021 at 11:42 AM Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
> >
> > More to the point, your client needs a nudge. The certificate has not
> expired, but you are using a version of OpenSSL that's terribly out of
> date. All (or most at least? But I think all) non-EOL distros should do
> that by default if you just apply their updates. See for example
> https://letsencrypt.org/2021/10/01/cert-chaining-help.html and
> https://letsencrypt.org/docs/certificate-compatibility/
> >
> Thanks. I didn't notice the root cert expired last week. Updating
> OpenSSL did the trick.
>
>
>
>
>