Can't renew: requests. exceptions.SSLError: HTTPSConnectionPool (host=' acme-v02.api. letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError (SSLCert VerificationError (1, '[SSL: CERTIFICATE_ VERIFY_FAILED]

Seeing the amount of reports on this, I might be beating a dead horse, but since none of the solutions solved the problem, I'll make another thread.
I want to point out that this problem exists exclusively on my mail server, no problems at all on every other server, and I run a mix of Debian and Ubuntu servers, plus 1 CentOS server.
The mail server runs on Debian 11.

My domain is: (confidential)

I ran this command: certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/〇〇.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Failed to renew certificate 〇〇 with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/〇〇/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx version:

nginx -v
nginx version: nginx/1.18.0

The operating system my web server runs on is (include version):

cat /etc/debian_version
11.1

My hosting provider, if applicable, is: ConoHa

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot --version
certbot 1.12.0

certbot-auto --version
zsh: command not found: certbot-auto

openssl version
OpenSSL 1.1.1k  25 Mar 2021

Other information:

dig acme-v02.api.letsencrypt.org

; <<>> DiG 9.16.22-Debian <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25224
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;acme-v02.api.letsencrypt.org.	IN	A

;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 384 IN	CNAME	prod.api.letsencrypt.org.
prod.api.letsencrypt.org. 257	IN	CNAME	ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com. 257 IN A 172.65.32.248

;; Query time: 4 msec
;; SERVER: 180.222.191.15#53(180.222.191.15)
;; WHEN: Thu Dec 02 14:03:38 JST 2021
;; MSG SIZE  rcvd: 155

curl -v https://acme-v02.api.letsencrypt.org/
*   Trying 172.65.32.248:443...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

What's the output of:

dpkg-query -l ca-certificates

I got this:

要望=(U)不明/(I)インストール/(R)削除/(P)完全削除/(H)保持
| 状態=(N)無/(I)インストール済/(C)設定/(U)展開/(F)設定失敗/(H)半インストール/(W)トリガ待ち/(T)トリガ保留
|/ エラー?=(空欄)無/(R)要再インストール (状態,エラーの大文字=異常)
||/ 名前            バージョン   アーキテクチ 説明
+++-===============-============-============-=================================
ii  ca-certificates 20210119     all          Common CA certificates

Some translation:
要望 = demand
不明 = unknown = U
インストール = install = I
削除 = delete = R
完全削除 = completely purge = P
保持 = preserve = H

状態 = status
無 = no = N
インストール済 = installation completed = I
設定 = settings = C
展開 = unfold = U
設定失敗 = settings failed = F
半インストール = half installation = H
トリガ待ち = wait for trigger = W
トリガ保留 = trigger reservation = T

エラー？ = error?
(空欄)無 = (blank) no
要再インストール = demand reinstall (not a correct localization though) = R
状態,エラーの大文字＝異常 = status, capital letters of the error = abnormal

名前 = name
バージョン = version
アーキテクチ = architecti
説明 = explanation

Update:
Identical output on the other servers where certbot does work.

Bizarre. Does forcibly regenerating the ca-certificates file help at all?

update-ca-certificates --fresh

update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping iRedMail.crt,it does not contain exactly one certificate or CRL
129 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

The same error came up when trying to renew again though.

Please show the output of:
ls -ltr /etc/ssl/certs/

It's long though.

ls -ltr /etc/ssl/certs/
合計 588
-rw-r--r-- 1 root root   1054  3月  6  2019  ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     21  3月  6  2019  79aae987 -> ssl-cert-snakeoil.pem
-rw-r--r-- 1 root root   1456  3月  6  2019  iRedMail.crt.bak
-rw-r--r-- 1 root root   3558  5月 13  2019  iRedMail.crt
lrwxrwxrwx 1 root root     21  9月 12  2019  79aae987.0 -> ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     48 12月  2 15:18  ACCVRAIZ1.pem -> /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  Actalis_Authentication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  AffirmTrust_Commercial.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  AffirmTrust_Networking.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  AffirmTrust_Premium.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  AffirmTrust_Premium_ECC.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root root     60 12月  2 15:18  Atos_TrustedRoot_2011.pem -> /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root root     96 12月  2 15:18  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem -> /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root root     64 12月  2 15:18  Baltimore_CyberTrust_Root.pem -> /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  Buypass_Class_2_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  Buypass_Class_3_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  CA_Disig_Root_R2.pem -> /usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root root     47 12月  2 15:18  Certigna.pem -> /usr/share/ca-certificates/mozilla/Certigna.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  certSIGN_ROOT_CA.pem -> /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  Certum_Trusted_Network_CA_2.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root root     64 12月  2 15:18  Certum_Trusted_Network_CA.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root root     51 12月  2 15:18  CFCA_EV_ROOT.pem -> /usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root root     71 12月  2 15:18  Chambers_of_Commerce_Root_-_2008.pem -> /usr/share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx 1 root root     63 12月  2 15:18  Comodo_AAA_Services_root.pem -> /usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  COMODO_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 12月  2 15:18  COMODO_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 12月  2 15:18  COMODO_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  Cybertrust_Global_Root.pem -> /usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  DigiCert_Assured_ID_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  DigiCert_Assured_ID_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  DigiCert_Assured_ID_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  DigiCert_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  DigiCert_Global_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  DigiCert_Global_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root     73 12月  2 15:18  DigiCert_High_Assurance_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root     63 12月  2 15:18  DigiCert_Trusted_Root_G4.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root     53 12月  2 15:18  DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  D-TRUST_Root_Class_3_CA_2_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root root     72 12月  2 15:18  D-TRUST_Root_Class_3_CA_2_EV_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root root     45 12月  2 15:18  EC-ACC.pem -> /usr/share/ca-certificates/mozilla/EC-ACC.crt
lrwxrwxrwx 1 root root     80 12月  2 15:18  Entrust.net_Premium_2048_Secure_Server_CA.pem -> /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root root     75 12月  2 15:18  Entrust_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     81 12月  2 15:18  Entrust_Root_Certification_Authority_-_EC1.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root root     80 12月  2 15:18  Entrust_Root_Certification_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     72 12月  2 15:18  ePKI_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     70 12月  2 15:18  E-Tugra_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  Global_Chambersign_Root_-_2008.pem -> /usr/share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  GlobalSign_ECC_Root_CA_-_R4.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root root     66 12月  2 15:18  GlobalSign_ECC_Root_CA_-_R5.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root root     57 12月  2 15:18  GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  GlobalSign_Root_CA_-_R2.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  GlobalSign_Root_CA_-_R3.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  Go_Daddy_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root root     79 12月  2 15:18  Go_Daddy_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     98 12月  2 15:18  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root root     94 12月  2 15:18  Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root root     94 12月  2 15:18  Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  Hongkong_Post_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  IdenTrust_Commercial_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root root     72 12月  2 15:18  IdenTrust_Public_Sector_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root root     51 12月  2 15:18  ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
lrwxrwxrwx 1 root root     49 12月  2 15:18  Izenpe.com.pem -> /usr/share/ca-certificates/mozilla/Izenpe.com.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  Microsec_e-Szigno_Root_CA_2009.pem -> /usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root root     83 12月  2 15:18 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem' -> '/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt'
lrwxrwxrwx 1 root root     78 12月  2 15:18  Network_Solutions_Certificate_Authority.pem -> /usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root root     70 12月  2 15:18  OISTE_WISeKey_Global_Root_GB_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root root     60 12月  2 15:18  QuoVadis_Root_CA_1_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root root     57 12月  2 15:18  QuoVadis_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root root     60 12月  2 15:18  QuoVadis_Root_CA_2_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root root     57 12月  2 15:18  QuoVadis_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root root     60 12月  2 15:18  QuoVadis_Root_CA_3_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  QuoVadis_Root_CA.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Secure_Global_CA.pem -> /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  SecureSign_RootCA11.pem -> /usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root root     53 12月  2 15:18  SecureTrust_CA.pem -> /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  Security_Communication_RootCA2.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root root     69 12月  2 15:18  Security_Communication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  Sonera_Class_2_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     71 12月  2 15:18  Staat_der_Nederlanden_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root root     73 12月  2 15:18  Staat_der_Nederlanden_Root_CA_-_G3.pem -> /usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     59 12月  2 15:18  Starfield_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root root     80 12月  2 15:18  Starfield_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     89 12月  2 15:18  Starfield_Services_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  SwissSign_Gold_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root root     63 12月  2 15:18  SwissSign_Silver_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root root     54 12月  2 15:18  SZAFIR_ROOT_CA2.pem -> /usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  TeliaSonera_Root_CA_v1.pem -> /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  Trustis_FPS_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
lrwxrwxrwx 1 root root     67 12月  2 15:18  T-TeleSec_GlobalRoot_Class_2.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root root     67 12月  2 15:18  T-TeleSec_GlobalRoot_Class_3.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  TWCA_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root root     72 12月  2 15:18  TWCA_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     76 12月  2 15:18  USERTrust_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     76 12月  2 15:18  USERTrust_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     59 12月  2 15:18  XRamp_Global_CA_Root.pem -> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  AC_RAIZ_FNMT-RCM.pem -> /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Amazon_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Amazon_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Amazon_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Amazon_Root_CA_4.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  GDCA_TrustAUTH_R5_ROOT.pem -> /usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root root     82 12月  2 15:18  SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     85 12月  2 15:18  SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root     79 12月  2 15:18  SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     79 12月  2 15:18  SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root root     53 12月  2 15:18  TrustCor_ECA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  TrustCor_RootCert_CA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root root     61 12月  2 15:18  TrustCor_RootCert_CA-2.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root root     84 12月  2 15:18  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem -> /usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  GlobalSign_Root_CA_-_R6.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root root     70 12月  2 15:18  OISTE_WISeKey_Global_Root_GC_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root root     55 12月  2 15:18  Certigna_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt
lrwxrwxrwx 1 root root     80 12月  2 15:18  Entrust_Root_Certification_Authority_-_G4.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root root     50 12月  2 15:18  GTS_Root_R1.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R1.crt
lrwxrwxrwx 1 root root     50 12月  2 15:18  GTS_Root_R2.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt
lrwxrwxrwx 1 root root     50 12月  2 15:18  GTS_Root_R3.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R3.crt
lrwxrwxrwx 1 root root     50 12月  2 15:18  GTS_Root_R4.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R4.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  Hongkong_Post_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root root     67 12月  2 15:18  UCA_Extended_Validation_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root root     57 12月  2 15:18  UCA_Global_G2_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  emSign_ECC_Root_CA_-_C3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root root     62 12月  2 15:18  emSign_ECC_Root_CA_-_G3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  emSign_Root_CA_-_C1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  emSign_Root_CA_-_G1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root root     65 12月  2 15:18  lets-encrypt-r3-cross-signed.pem -> /usr/share/ca-certificates/extra/lets-encrypt-r3-cross-signed.crt
lrwxrwxrwx 1 root root     74 12月  2 15:18  VeriSignClass3ExtendedValidationSSLCA.pem -> /usr/share/ca-certificates/extra/VeriSignClass3ExtendedValidationSSLCA.crt
lrwxrwxrwx 1 root root     84 12月  2 15:18  Microsoft_ECC_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     84 12月  2 15:18  Microsoft_RSA_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     80 12月  2 15:18  NAVER_Global_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     79 12月  2 15:18  Trustwave_Global_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 12月  2 15:18  Trustwave_Global_ECC_P256_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 12月  2 15:18  Trustwave_Global_ECC_P384_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root root     58 12月  2 15:18  certSIGN_Root_CA_G2.pem -> /usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root root     60 12月  2 15:18  e-Szigno_Root_CA_2017.pem -> /usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt
-rw-r--r-- 1 root root 201312 12月  2 15:18  ca-certificates.crt
lrwxrwxrwx 1 root root     49 12月  2 15:18  ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root     19 12月  2 15:18  fe8a2cd8.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root     41 12月  2 15:18  fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  f51bb24c.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root     18 12月  2 15:18  f39fc864.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root     24 12月  2 15:18  f387163d.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  f3377b1b.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root     41 12月  2 15:18  f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     44 12月  2 15:18  f249de83.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root     47 12月  2 15:18  f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  f081611a.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.pem
lrwxrwxrwx 1 root root     38 12月  2 15:18  eed8c118.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     28 12月  2 15:18  ee64a828.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  e8de2f56.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root     25 12月  2 15:18  e868b802.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root     35 12月  2 15:18  e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
lrwxrwxrwx 1 root root     25 12月  2 15:18  e36a6752.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root     25 12月  2 15:18  e18bfb83.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root     12 12月  2 15:18  e113c810.0 -> Certigna.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  de6d66f3.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root     53 12月  2 15:18  d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  d853d49e.0 -> Trustis_FPS_Root_CA.pem
lrwxrwxrwx 1 root root     22 12月  2 15:18  d7e8dc79.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root     38 12月  2 15:18  d6325660.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     37 12月  2 15:18  d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  ce5e74ef.0 -> Amazon_Root_CA_1.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  cd58d51e.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root     14 12月  2 15:18  cc450945.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root     44 12月  2 15:18  cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     37 12月  2 15:18  ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     36 12月  2 15:18  c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root     22 12月  2 15:18  c01eb047.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root     49 12月  2 15:18  bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     37 12月  2 15:18  b7a5b843.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  b727005e.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  b66938e9.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root     45 12月  2 15:18  aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root     13 12月  2 15:18  a94d09e5.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root     15 12月  2 15:18  a3418fda.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  9c8dfbd4.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  9c2e7d30.0 -> Sonera_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root     53 12月  2 15:18  9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root     48 12月  2 15:18  988a38cb.0 -> 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem'
lrwxrwxrwx 1 root root     26 12月  2 15:18  93bc0acc.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  930ac5d2.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root     49 12月  2 15:18  8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  8d86cdd1.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root     32 12月  2 15:18  8d33f237.0 -> lets-encrypt-r3-cross-signed.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  8cb5ee0f.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root     18 12月  2 15:18  7aaf71c0.0 -> TrustCor_ECA-1.pem
lrwxrwxrwx 1 root root     35 12月  2 15:18  773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root     63 12月  2 15:18  7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root     22 12月  2 15:18  76faf6c0.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  76cb8f92.0 -> Cybertrust_Global_Root.pem
lrwxrwxrwx 1 root root     28 12月  2 15:18  75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root     25 12月  2 15:18  749e9e03.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root     24 12月  2 15:18  706f604c.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root     44 12月  2 15:18  6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root     41 12月  2 15:18  6e7f22c1.0 -> VeriSignClass3ExtendedValidationSSLCA.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  6d41d539.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root     40 12月  2 15:18  6b99d060.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  68dd7389.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root     29 12月  2 15:18  653b494a.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root     15 12月  2 15:18  626dceaf.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  5f618aec.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  5f15c80c.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root     45 12月  2 15:18  5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  5d3033c5.0 -> TrustCor_RootCert_CA-1.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  5cd81ad7.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root     22 12月  2 15:18  5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root     38 12月  2 15:18  5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root     28 12月  2 15:18  57bcb2da.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  54657681.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root     32 12月  2 15:18  5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root     35 12月  2 15:18  5273a94c.0 -> E-Tugra_Certification_Authority.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  4f316efb.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root     45 12月  2 15:18  4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  4a6481c9.0 -> GlobalSign_Root_CA_-_R2.pem
lrwxrwxrwx 1 root root     29 12月  2 15:18  48bec511.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root     43 12月  2 15:18  4304c5e5.0 -> Network_Solutions_Certificate_Authority.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  406c9bb1.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  40547a79.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root     16 12月  2 15:18  4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  40193066.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root     45 12月  2 15:18  3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  3e45d192.0 -> Hongkong_Post_Root_CA_1.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  3e44d2f7.0 -> TrustCor_RootCert_CA-2.pem
lrwxrwxrwx 1 root root     61 12月  2 15:18  3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root     10 12月  2 15:18  349f2832.0 -> EC-ACC.pem
lrwxrwxrwx 1 root root     59 12月  2 15:18  32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root     18 12月  2 15:18  2e5ac55d.0 -> DST_Root_CA_X3.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  2b349938.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  2ae6433e.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  2923b3f9.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root     38 12月  2 15:18  244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root     32 12月  2 15:18  1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root     37 12月  2 15:18  1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root     31 12月  2 15:18  1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root     23 12月  2 15:18  18856ac4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root     59 12月  2 15:18  1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  14bc7599.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root     46 12月  2 15:18  106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root     15 12月  2 15:18  1001acf7.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root     26 12月  2 15:18  0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root     32 12月  2 15:18  0f5dc4f3.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root     34 12月  2 15:18  0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root     44 12月  2 15:18  0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     16 12月  2 15:18  0b1b94ef.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root     15 12月  2 15:18  0a775a30.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root     54 12月  2 15:18  09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     20 12月  2 15:18  080911ac.0 -> QuoVadis_Root_CA.pem
lrwxrwxrwx 1 root root     50 12月  2 15:18  06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root     25 12月  2 15:18  064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root     27 12月  2 15:18  062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root     36 12月  2 15:18  03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.pem
lrwxrwxrwx 1 root root     45 12月  2 15:18  02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem

While OpenSSL 1.1.1 should work with both ISRG Root X1 and the now expired DST Root CA X3 in your ca-certificates file, for some reason it doesn't seem to work (you have both still in your root certificate store).

Since ca-certificates version 20211004 the DST Root CA X3 is "blacklisted", see the changelog.

Solution could be to manually remove or blacklist the DST Root CA X3 certificate from your root certificate store. I believe this can be done by adding a ! in front of the DST Root CA X3 entry in /etc/ca-certificates.conf and afterwards run update-ca-certificates again.

Gave this a try, but nothing has changed.
All the errors that have been there are still there.
I even tried a reboot of the server, and it didn't help (though at least it cleaned up some RAM and CPU usage).

In your list of root certs you showed this - what is that? I doubt you need it and if it is the old R3 could be a problem

lrwxrwxrwx 1 root root     65 12月  2 15:18  lets-encrypt-r3-cross-signed.pem -> /usr/share/ca-certificates/extra/lets-encrypt-r3-cross-signed.crt

Could show:

trust list | grep R3

will see GTS and GlobalSign

Wow, good catch!
I verified this on other Debian servers, and the mail server seems to be the only one that has it.

As for "trust list | grep R3":

trust list | grep R3
zsh: command not found: trust

But I just commented out both cerificates in the "/usr/share/ca-certificates/extra" folder (and by that I mean commented out in the "/etc/ca-certificates.conf" file), which is a folder that only exists on the mail server and updates the CA certificates as suggested last evening (currently night time), and I successfully renewed my cerificate now!
Thanks!

Something that never should have been added to the root certificate store in the first place

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.