Certificate expired

On Wed, Mar 15, 2023 at 7:25 PM Sylvie Greverend <
SGreverend@harriscomputer.com> wrote:

I am trying to install postgresql on a new server [ CentOS Linux release
7.3.1611 (Core) ]. I have a certificate expired

I had previously installed on other centos servers [same version]

I posted an error on centos https://bugs.centos.org/view.php?id=18580.
But they sent me back to [postgresql

Thank you very much for your help

On new server

openssl s_client -connect download.postgresql.org:443 -servername
download.postgresql.org | openssl x509 -dates -noout

depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3

verify error:num=10:certificate has expired

notAfter=Sep 30 14:01:15 2021 GMT

notBefore=Feb 18 09:08:35 2023 GMT

notAfter=May 19 09:08:34 2023 GMT

date

Wed Mar 15 13:37:56 EDT 2023

On a server previously installed

openssl s_client -connect download.postgresql.org:443 -servername
download.postgresql.org | openssl x509 -dates -noout

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1

verify return:1

depth=1 C = US, O = Let's Encrypt, CN = R3

verify return:1

depth=0 CN = ftp.postgresql.org

verify return:1

notBefore=Jan 30 21:08:05 2023 GMT

notAfter=Apr 30 21:08:04 2023 GMT

date

Wed Mar 15 13:40:30 EDT 2023

This looks like the machine is picking up the old letsencrypt root. This is
normally fixed if you ensure your ca-certificates package is up to date.
What version of that package are you running with, and have you installed
all available updates to that and openssl? Your command output is
consistent with a machine that's not properly updated.

(You'll note that your reference from the centos page also says there
appears to be nothing wrong with the servers..)

//Magnus

Hello
I'm pretty sure you haven't updated your ca-certificates for at least a few years. This was a known story in early October 2021.

for example, https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4

regards, Sergei