how to check server cert
$ openssl s_client -connect clover.mydomain.com:443
CONNECTED(00000007)
depth=0 CN = *.mydomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.mydomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = *.mydomain.com
verify return:1
---
Certificate chain
0 s:CN = *.mydomain.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 17 00:00:00 2022 GMT; NotAfter: May 21 23:59:59 2023 GMT
1 s:CN = *.mydomain.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 17 00:00:00 2022 GMT; NotAfter: May 21 23:59:59 2023 GMT
---
Server certificate
.
.
.
.