[ejabberd] Ejabberd 21.07 - expired SSL cert?

Tamer Higazi th982a at googlemail.com
Sun Oct 17 12:27:04 MSK 2021


Hi Alex,

Try to update the CA list on FreeBSD.
Same thing I had on my gentoo machine. don't know why ....

best, Tamer

Am 10/17/21 um 5:18 AM schrieb Alex:
> Hi All,
>
> I am running Ejabberd 21.07 on FreeBSD.
>
> I am seeing a strange warning in my server logs, even after renewing 
> my certificate (CA is Letsencrypt)
>
> 2021-10-17 14:02:07.980333+11:00 [warning] 
> <0.295.0>@ejabberd_pkix:log_warnings/1:393 Invalid certificate in 
> /usr/local/etc/letsencrypt/live/mydomain.net-0001/fullchain.pem: at 
> line 65: certificate is no longer valid as its expiration date has passed
>
> I am aware that Letsencrypt did recently have an expired intermediate 
> (R3) however I believe my cert bundle is currently fine as I renewed 
> it - my web server uses the same pem and it scores an A+ on the qualys 
> ssl tester with no chain/trust issues.
>
> When I look at the cert that Ejabberd is complaining about on line 65 
> using openssl x509, it shows:
>
>   Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
>         Signature Algorithm: sha256WithRSAEncryption
>         Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
>         Validity
>             Not Before: Jan 20 19:14:03 2021 GMT
>             Not After : Sep 30 18:14:03 2024 GMT
>         Subject: C = US, O = Internet Security Research Group, CN = 
> ISRG Root X1
>
> 2024... It is certainly NOT expired, Is this an erroneous log message? 
> A client who connects using the Pidgin XMPP client is reporting they 
> get an invalid cert error when connecting, but I have no issues 
> connecting using the same client (I am on Linux, however the person 
> with the issue is on Windows).
>
> Thanks!
> A.
>
>
>
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd


More information about the ejabberd mailing list