Package: ssl-cert-check Version: 4.10-1 Severity: important Tags: upstream It appears that version 4.10 no longer supports checking the certificates of servers that only support TLS 1.2, as recommended by Mozilla:
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility Here's an example of a server that can no longer be monitored using this package: $ ssl-cert-check -s fmarier.org -p 443 Host Status Expires Days ----------------------------------------------- ------------ ------------ ---- unable to load certificate 140117264852032:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140042749473856:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140668490343488:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE unable to load certificate 140431452333120:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE fmarier.org:443 Expired -2458542 Francois -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8), LANGUAGE=fr_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ssl-cert-check depends on: ii openssl 1.1.1b-1 Versions of packages ssl-cert-check recommends: ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-1 ii mailutils [mailx] 1:3.5-2 ssl-cert-check suggests no packages. -- no debconf information