[ejabberd] Ejabberd 21.07 - expired SSL cert?

Alex alexrhtc at gmail.com
Sun Oct 17 06:18:45 MSK 2021


Hi All,

I am running Ejabberd 21.07 on FreeBSD.

I am seeing a strange warning in my server logs, even after renewing my
certificate (CA is Letsencrypt)

2021-10-17 14:02:07.980333+11:00 [warning]
<0.295.0>@ejabberd_pkix:log_warnings/1:393 Invalid certificate in
/usr/local/etc/letsencrypt/live/mydomain.net-0001/fullchain.pem: at line
65: certificate is no longer valid as its expiration date has passed

I am aware that Letsencrypt did recently have an expired intermediate (R3)
however I believe my cert bundle is currently fine as I renewed it - my web
server uses the same pem and it scores an A+ on the qualys ssl tester with
no chain/trust issues.

When I look at the cert that Ejabberd is complaining about on line 65 using
openssl x509, it shows:

  Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
        Validity
            Not Before: Jan 20 19:14:03 2021 GMT
            Not After : Sep 30 18:14:03 2024 GMT
        Subject: C = US, O = Internet Security Research Group, CN = ISRG
Root X1

2024... It is certainly NOT expired, Is this an erroneous log message? A
client who connects using the Pidgin XMPP client is reporting they get an
invalid cert error when connecting, but I have no issues connecting using
the same client (I am on Linux, however the person with the issue is on
Windows).

Thanks!
A.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20211017/01b762d3/attachment.htm>


More information about the ejabberd mailing list