Re: [exim] Expired tls certificate

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] Expired tls certificate
On 16/03/2022 21:01, Mike Diehl via Exim-users wrote:
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify error:num=10:certificate has expired
> notAfter=Sep 30 14:01:15 2021 GMT


> What am I missing?



Ah, the "depth=3" is the clue. This is not talking about your leaf
cert being out of date.

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
looks relevant. Your system (the one you ran "openssl s_client" on)
does not have an up-to-date CA cert for LetsEncrpyt. That implies you've
not updated it for a while, and it will be full of known exploit holes
unpatched too. One hopes it is not exposed to the outside...

--
Cheers,
Jeremy