Stan van der Bend

Reputation: 505

Why do I get an SSL Expired error for certificates that are still valid?

I have a server that hosts a Java backend which has a Java KeyStore (JKS) that stores a certificate from Let's Encrypt.

The certificate chain looks as follows:

- ISRG Root X1 (valid until 30/09/2024, 20:14:03 CEST)
-- R3 (valid until 15/09/2025, 18:00:00 CEST)
--- api.verumsoftware.com (valid until 31/10/2021, 23:10:36 CET)

When I make a request in Postman I get the following error:

SSL Error: Certificate has expired

I find this odd since each certificate in the chain should still be valid. Does anybody know what could cause this? When I look up the server on various sites that check whether certificates are correctly installed, they all say it's perfectly fine.

Upvotes: 0

Views: 7800

Answers (3)

Albert

Reputation: 626

There is a very simple fix: install this "new" R3 certificate on the CLIENT -- so, on your iPhone (or other iOS device), PC/Mac, browser, etc. (tested only on Apple, but should work for Android, etc.)

  1. Go to https://letsencrypt.org/certificates/
  2. Find the bullet Let’s Encrypt R3 (below active)
  3. Click on the link called pem (or one of the other types; try a bit for your device)
  4. It will download the cert and/or offer to install it
  • On iPhone (etc.)
    • Use 'Settings'
    • A new entry is shown, about the cert
    • Follow it, accept it
    • Done
  • On Mac
    • The file is downloaded
    • Open: Keychain Access
    • File -> Import
    • Select the file; e.g.: ~/Downloads/let-encript-r3.pem
    • Follow, etc.
    • Optionally: select/config SSL: always trust
    • Done

In general, there is NO need to install/update software, just one file :-)

Upvotes: 0

blissweb

Reputation: 3853

This is a Let's Encrypt issue that occurred on Sep 30 2021. You probably need to patch the OS to remove the offending certificate.

For example, this in CentOS: https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4#:%7E:text=So%2C%20DST%20Root%20CA%20X3%20needs%20to%20be,The%20manual%20steps%20below%20are%20no%20longer%20necessary

Or use a non-LetsEncrypt SSL Cert.

Upvotes: 1
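The Sep 30 2021 event referred to above was the expiry of DST Root CA X3 (the name in the linked article), the older root that had cross-signed ISRG Root X1. The script below is an added example, not part of the original thread: it reproduces the effect offline with a constructed throwaway PKI and `openssl verify -attime`. The names "Old Root", "New Root", `api.example.test` and the validity periods are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed throwaway PKI. "Old Root" and "New Root" stand in for
# DST Root CA X3 and ISRG Root X1; no real certificates are used.
D=$(mktemp -d) && cd "$D" || exit 1
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext

newkey() {  # newkey <name> <subject>: write <name>.key and <name>.csr
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "$2" -out "$1.csr" 2>/dev/null
}
newkey old  "/CN=Old Root"
newkey new  "/CN=New Root"
newkey leaf "/CN=api.example.test"

# Old root: self-signed, expires after 1 day.
openssl x509 -req -in old.csr -signkey old.key -days 1 \
  -extfile ca.ext -out old.pem 2>/dev/null
# New root: self-signed, valid for 30 days.
openssl x509 -req -in new.csr -signkey new.key -days 30 \
  -extfile ca.ext -out new.pem 2>/dev/null
# Cross-sign: New Root's subject and key, issued by Old Root.
openssl x509 -req -in new.csr -CA old.pem -CAkey old.key -CAcreateserial \
  -days 30 -extfile ca.ext -out cross.pem 2>/dev/null
# Leaf issued by New Root, valid for 10 days.
openssl x509 -req -in leaf.csr -CA new.pem -CAkey new.key -CAcreateserial \
  -days 10 -out leaf.pem 2>/dev/null

# verify_leaf <trust-store> <days-from-now>
# The server sends leaf + cross; the client supplies the trust store.
verify_leaf() {
  t=$(( $(date +%s) + $2 * 86400 ))
  out=$(openssl verify -attime "$t" -CAfile "$1" \
        -untrusted cross.pem leaf.pem 2>&1) || true
  case $out in
    *"certificate has expired"*) echo "certificate has expired" ;;
    *": OK"*)                    echo "OK" ;;
    *)                           echo "other failure" ;;
  esac
}

echo "old root trusted, today:   $(verify_leaf old.pem 0)"
echo "old root trusted, +2 days: $(verify_leaf old.pem 2)"
echo "new root trusted, +2 days: $(verify_leaf new.pem 2)"
```

A client whose trust store ends at the old root reports "certificate has expired" although the leaf and the cross-signed certificate are both still in date; a client that trusts the newer root directly validates the same leaf.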

Stan van der Bend

Reputation: 505

Apparently this was an issue with Postman, details can be found here: https://github.com/postmanlabs/postman-app-support/issues/10338

Updating Postman to version 9.0.5 fixed the issue for me!

Upvotes: 0
