Hello, I face a very strange issue : Code: root@serv1:~# curl -vvv https://code.dom.tld * Trying 2a09:ccc:ccc:ccc:ccc:ccc:ccc:39:443... * TCP_NODELAY set * Connected to code.dom.tld (2a09:ccc:ccc:ccc:ccc:ccc:ccc:39) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, certificate expired (557): * SSL certificate problem: certificate has expired * Closing connection 0 curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. but at the same time Code: Certificate Name: code.dom.tld Domains: code.dom.tld Expiry Date: 2023-06-25 14:37:42+00:00 (VALID: 53 days) Certificate Path: /etc/letsencrypt/live/code.dom.tld/fullchain.pem Private Key Path: /etc/letsencrypt/live/code.dom.tld/privkey.pem I try apt update, apt upgrade. I try update-ca-certificates I google and see that DST-cert-x3 in 2021 was an issue but my server was setup in 2023... Any people having that problem ?
So you are likely testing different certs, or you must restart the web server. Look at the vhost file, see which cert path it refers to and then test the cert at that path.
