## Cedric Rey (cerey@xxxxxxxxxxxxxxx): > the certificate on download.postgresql.org has expired : > > openssl s_client -connect download.postgresql.org:443 > CONNECTED(00000003) > depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 > verify error:num=10:certificate has expired > notAfter=Sep 30 14:01:15 2021 GMT That's complaining about the "DST Root CA X3" certificate, and that's (partially) expected: https://letsencrypt.org/2021/10/01/cert-chaining-help.html But the fact that you're seeing this indicates that you're either running an horribly outdated version of openssl (as Daniel mentioned), but even CentOS' "OpenSSL 1.0.2k-fips 26 Jan 2017" has been fixed in this regard. The other possibility is that your trusted CA list is outdated: that would be package ca-certificates (same name in deb and rpm world). I do know from my own experience that at least the "old" (2020.2.something) Redhat package is missing the new "ISRG Root X1" certificate, you'll need version 2021.2.something. Regards, Christoph -- Spare Space
