@anxgang
Last active February 3, 2023 08:06

SSL verification methods:

# Quick check
echo | openssl s_client -connect xxx.xxx.xxx:443 | openssl x509 -noout -dates
# Quick check, forcing TLS 1.2
echo | openssl s_client -connect xxx.xxx.xxx:443 -tls1_2 | openssl x509 -noout -dates
# Quick check, forcing TLS 1.2 and specifying the domain
echo | openssl s_client -connect xxx.xxx.xxx:443 -tls1_2 -servername xxx.xxx.xxx | openssl x509 -noout -dates
# Full output
echo | openssl s_client -connect xxx.xxx.xxx:443

Let's Encrypt certificates expired

$ irb
:001 > require 'open-uri'
:002 > open(url)
# OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

The reason is that the "DST Root CA X3" certificate expired yesterday.

To fix it, just disable the certificate on your server. Run:

sudo dpkg-reconfigure ca-certificates
  • On the first screen that prompts "Trust new certificates from certificate authorities?" choose "yes".
  • On the next screen, press the down arrow key on your keyboard until you find mozilla/DST_Root_CA_X3.crt.
  • Press the space bar to deselect it (the [*] should turn into [ ]) and press Enter.
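
To confirm the deselection took effect, the following added example (not part of the original gist) reads the ca-certificates configuration, where a leading "!" marks a deselected certificate, and can also list any still-selected CA whose validity period has ended. The function names and the sample file are constructed for illustration; the paths mentioned in the comments are the Debian/Ubuntu defaults.

```shell
#!/bin/sh
# Added example: audit the Debian/Ubuntu CA selection after dpkg-reconfigure.
# Real input: /etc/ca-certificates.conf, certificates in /usr/share/ca-certificates.

# ca_cert_state CONF CERT -> prints "enabled", "disabled" or "absent".
ca_cert_state() (
    state=absent
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '!'"$2") state=disabled ;;   # leading "!" = deselected
            "$2")    state=enabled ;;
        esac
    done < "$1"
    printf '%s\n' "$state"
)

# list_enabled CONF -> prints every certificate path still selected in CONF.
list_enabled() (
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|'!'*) ;;             # blank, comment, deselected
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
)

# expired_enabled CONF DIR -> prints selected certificates under DIR for which
# "openssl x509 -checkend 0" fails (past notAfter, or not parseable).
expired_enabled() (
    list_enabled "$1" | while IFS= read -r cert; do
        [ -f "$2/$cert" ] || continue
        openssl x509 -in "$2/$cert" -noout -checkend 0 >/dev/null 2>&1 ||
            printf '%s\n' "$cert"
    done
)

# Constructed sample of the file as it looks after the steps above.
sample_conf() {
    cat <<'EOF'
# This file lists certificates that you wish to use or to ignore.
!mozilla/DST_Root_CA_X3.crt
mozilla/ISRG_Root_X1.crt
EOF
}

# Usage on a real host:
#   ca_cert_state /etc/ca-certificates.conf mozilla/DST_Root_CA_X3.crt
#   expired_enabled /etc/ca-certificates.conf /usr/share/ca-certificates
```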

https://superuser.com/questions/1679204/curl-on-ubuntu-14-all-lets-encrypt-certificates-are-expired-error-60
