Certificates issued one hour too early?

rgj · November 30, 2021, 8:30am

I just issued a new certificate (using resty_auto_ssl) at 9.22 CET / 8:22 UTC, about 10 minutes ago.
However, the certificate shows an issue timestamp of one hour earlier.

Is this by design? GMT is always UTC+0, right?

openssl x509 -dates says:

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = (redacted)
verify return:1
notBefore=Nov 30 07:22:31 2021 GMT
notAfter=Feb 28 07:22:30 2022 GMT

_az · November 30, 2021, 9:06am

Yes, certificates are backdated intentionally, to avoid issues with clock skew. (Though it does not solve all clock skew problems e.g. OCSP responses are not backdated.)

system · December 30, 2021, 9:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Time zone considerations needed for certificates? Issuance Tech	2	8835	December 25, 2016
Valid from date on cert off by 1 hour Help	2	921	October 31, 2019
Why my LE cert notbefore date one hour before i apply to issue Help	4	1602	May 31, 2018
Wrong validity timestamps in certificate? Issuance Policy	6	1342	January 26, 2019
Time zone problem with issue date? Issuance Tech	13	8698	November 8, 2015

Certificates issued one hour too early?

Related topics