> On 30 Dec 2021, at 16:27, Alex Nadtoka <alex.nadt...@gmail.com> wrote: > > Even if I remove root certificate from the server it will be added again on > renewal.
It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible and unpatched openssl versions pick the wrong (expired) option. A _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
