On Fri, Oct 8, 2021 at 11:42 AM Magnus Hagander <magnus@hagander.net> wrote:
>
> More to the point, your client needs a nudge. The certificate has not expired, but you are using a version of
OpenSSLthat's terribly out of date. All (or most at least? But I think all) non-EOL distros should do that by default
ifyou just apply their updates. See for example https://letsencrypt.org/2021/10/01/cert-chaining-help.html and
https://letsencrypt.org/docs/certificate-compatibility/
>
Thanks. I didn't notice the root cert expired last week. Updating
OpenSSL did the trick.