Do you have a minimum preproducible example that we can use to attempt
to diagnose this? Including details on general things about your CA
certificate, the CSR, what kind of certificate options you set when you
tried to generate the certificate, etc.
Note that 2.4.0 was released back in 2021, and `oldstable` is a "best
effort" scenario for updating.
Additionally, I do not believe this qualifies for "grave" severity
because we are missing MREs, etc. necessary to really determine what's
going on with your environment vs. others' environments.
Thomas
