Package: ca-certificates Version: 20210119 Severity: normal This is a similar situation as #961907. The DST Root CA X3 certificate in ca-certificates has expired, which is a signer for "ISRG Root X1", which in turn i used by Letsencrypt. This causes some (older?) SSL implementation to mark letsencrypt certificates as expired even though there is a trusted valid "intermediate"
-- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'oldstable-proposed-updates'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: armhf, arm64 Kernel: Linux 5.14.0-1-amd64 (SMP w/32 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.77 ii openssl 1.1.1l-1 ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded
