[ejabberd] Ejabberd 21.07 - expired SSL cert?

Alex alexrhtc at gmail.com
Mon Oct 18 01:35:43 MSK 2021


Hi Tamer,

On FreeBSD, I believe this is the ca_root_nss package. It is up to date on
my system.

My cert bundle doesn't contain any expired certs so I can only assume that
this log warning from Ejabberd is erroneous.



On Sun, Oct 17, 2021 at 8:27 PM Tamer Higazi <th982a at googlemail.com> wrote:

> Hi Alex,
>
> Try to update the CA list on FreeBSD.
> Same thing I had on my gentoo machine. don't know why ....
>
> best, Tamer
>
> Am 10/17/21 um 5:18 AM schrieb Alex:
> > Hi All,
> >
> > I am running Ejabberd 21.07 on FreeBSD.
> >
> > I am seeing a strange warning in my server logs, even after renewing
> > my certificate (CA is Letsencrypt)
> >
> > 2021-10-17 14:02:07.980333+11:00 [warning]
> > <0.295.0>@ejabberd_pkix:log_warnings/1:393 Invalid certificate in
> > /usr/local/etc/letsencrypt/live/mydomain.net-0001/fullchain.pem: at
> > line 65: certificate is no longer valid as its expiration date has passed
> >
> > I am aware that Letsencrypt did recently have an expired intermediate
> > (R3) however I believe my cert bundle is currently fine as I renewed
> > it - my web server uses the same pem and it scores an A+ on the qualys
> > ssl tester with no chain/trust issues.
> >
> > When I look at the cert that Ejabberd is complaining about on line 65
> > using openssl x509, it shows:
> >
> >   Certificate:
> >     Data:
> >         Version: 3 (0x2)
> >         Serial Number:
> >             40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
> >         Signature Algorithm: sha256WithRSAEncryption
> >         Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
> >         Validity
> >             Not Before: Jan 20 19:14:03 2021 GMT
> >             Not After : Sep 30 18:14:03 2024 GMT
> >         Subject: C = US, O = Internet Security Research Group, CN =
> > ISRG Root X1
> >
> > 2024... It is certainly NOT expired, Is this an erroneous log message?
> > A client who connects using the Pidgin XMPP client is reporting they
> > get an invalid cert error when connecting, but I have no issues
> > connecting using the same client (I am on Linux, however the person
> > with the issue is on Windows).
> >
> > Thanks!
> > A.
> >
> >
> >
> > _______________________________________________
> > ejabberd mailing list
> > ejabberd at jabber.ru
> > http://lists.jabber.ru/mailman/listinfo/ejabberd
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20211018/5b916b9c/attachment.htm>


More information about the ejabberd mailing list