Hi, My MTA is noting an expired certificate in the chain sent sent by [204.93.207.17] :-
2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=2 error=certificate has expired cert=/O=Digital Signature Trust Co./CN=DST Root CA X3 2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=2 <CN=DST Root CA X3,O=Digital Signature Trust Co.> 2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=1 error=certificate has expired cert=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=1 <CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US> 2022-06-15 13:01:55.660 +0000 [204.93.207.17] SSL verify error: depth=0 error=certificate has expired cert=/CN=mail0.chi1.ntfo.org 2022-06-15 13:01:55.660 +0000 [204.93.207.17] mail0.chi1.ntfo.org tls:cert depth=0 <CN=mail0.chi1.ntfo.org> <DNS=mail0.chi1.ntfo.org> The top line there is the CA of the chain. I'm unclear if actually all the chain layers really have expired, or if the failure is propagated from the CA level. I think this is probably a client certificate chain, my MTA having requested one. The X3 cert expired Septenber 2021: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ -- Cheers, Jeremy -- This is questions@lists.ntp.org Subscribe: questions+subscr...@lists.ntp.org Unsubscribe: questions+unsubscr...@lists.ntp.org
