On Thu, Feb 03, 2022 at 03:42:39PM +0100, Matus UHLAR - fantomas wrote:
> Certificate chain
> 0 s:CN = darwin.bork.org
> i:C = US, O = Let's Encrypt, CN = R3
> 1 s:C = US, O = Let's Encrypt, CN = R3
> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> i:O = Digital Signature Trust Co., CN = DST Root CA X3
>
> the third certificate is expired, but the second one is already trusted by
> root CA, so the third should not be evaluated.
I don't see an expired third certificate. If you do, perhaps that
originates in your trust store.
--
Viktor.
