Certificates issued one hour too early?

I just issued a new certificate (using resty_auto_ssl) at 9.22 CET / 8:22 UTC, about 10 minutes ago.
However, the certificate shows an issue timestamp of one hour earlier.

Is this by design? GMT is always UTC+0, right?

openssl x509 -dates says:

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = (redacted)
verify return:1
notBefore=Nov 30 07:22:31 2021 GMT
notAfter=Feb 28 07:22:30 2022 GMT

1 Like

Yes, certificates are backdated intentionally, to avoid issues with clock skew. (Though it does not solve all clock skew problems e.g. OCSP responses are not backdated.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.