openssl s_client -connect acme-staging-v02.api.letsencrypt.org:443 -host acme-staging-v02.api.letsencrypt.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-staging.api.letsencrypt.org
verify return:1
Certificate chain
0 s:CN = acme-staging.api.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Server certificate
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISA12fX+Z2dyYcntHiMIY1RfjQMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMTYwNDQ5NTVaFw0yMjAzMTYwNDQ5NTRaMCsxKTAnBgNVBAMT
IGFjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtLW4vJMcBAmdiXl6g+e6zej8FWO65itj+y6RgYUW
WuhYjXLoak90v3N3Yocs9e++O4JE864X5xqR1fozqoSexBu00zSLpv+/OqysB4PO
HKIZikoIs5565fut0wqps+kpWN0Ko7TDXLSqPKm2PEjz7rfxZLdQCBBodANj+ExX
/qw5nDOWA/5PhPFzYfdCTE+SfDRq5eZycJ70wy02HzgJWzog6qshnTTKZXlx0u97
dIysH1PLsKI3KMx2bmyh52IiYJ0yafMN844YJlyY+n496WJtDy2+r4A0yMApGuvG
eiUIpODIqw3BUpdtwBgEb1/1I2uuyqSccG7zLOaII6OeKQIDAQABo4ICgjCCAn4w
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRsh5+NzqL0+a8aDuQocE8b2PTdTAfBgNV
HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI
KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0
cDovL3IzLmkubGVuY3Iub3JnLzBRBgNVHREESjBIgiRhY21lLXN0YWdpbmctdjAy
LmFwaS5sZXRzZW5jcnlwdC5vcmeCIGFjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5
cHQub3JnMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW
eQIEAgSB9gSB8wDxAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMA
AAF9wco7FgAABAMARzBFAiEAtHBtR125kbB5JqBXH6OJWdawO6SrgofItXM0zUKE
GaUCIHf85EHXZtVUoMjottbiIiShHMPPDGrXIVhXIGzfcgEeAHcARqVV63X6kSAw
taKJafTzfREsQXS+/Um4havy/HD+bUcAAAF9wco7UQAABAMASDBGAiEAjFRx4j8x
B/dxPVJC7PKCRe/B9ijdpLBiL7kIAbMYwoICIQDqBGC8Wf0ChpKS97ixw5+S3et7
+is4elsUuS/3Ii9YNjANBgkqhkiG9w0BAQsFAAOCAQEAcuPOBNHrPPyvXDsCh3n/
MifjBjcObT8uPg9IIL3Sjb5TUI5TFGHQeCnT1vmbztuNwsmM4kb5qQp9J8ddDVwX
lTshShyykGmprVN0qWFhGEw0AdP5k/wAXKVh+8B5cVcKWcWcKVQxUPsuiokhHTBj
1R67ix5UhUR2Xv4TAnwzYf9wUmTNhEDcphJTCoNfQ1jADcIjwWlDXtlDtb67OrdS
FvzXnJKOQq5zzp0mX7mErnHMb2FRfI+w+L5flKchf8eSzhuscptYwoaIPtX4/xeA
fZtJ1FIB9TD7FtSIRlWNttqMShvl3Xq8OLzkKtZAhJ0zg57roslOt6tNIcMXQ9VI
KA==
-----END CERTIFICATE-----
subject=CN = acme-staging.api.letsencrypt.org
issuer=C = US, O = Let's Encrypt, CN = R3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
SSL handshake has read 3264 bytes and written 418 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 616A8D63E2AE55B0E1F03DAAF3FC37FC0934C77D727BDEC00CE6647A2DD73697
Session-ID-ctx:
Resumption PSK: 75CF97A313C7C2BB170FF6F4D8138D7FB4C9841944A0DA3902101C27786769DD4521D4A5399D0A81B4A94B0BBD4E79E7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 2a 09 c9 92 e8 d4 d2 f2-5f b3 03 37 aa 7f 6f 3a *......._..7..o:
0010 - cb 13 1d 28 e9 8c 28 df-23 8e 7e 57 9f 9a 45 19 ...(..(.#.~W..E.
Start Time: 1640945025
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DF504C4BE6A1039492A96B16CE0153F742EFC0BCCE4A50CE3699AA14CB1A797B
Session-ID-ctx:
Resumption PSK: A885D4F25463F8AD50BD7B757166A09C135D4537C9CCBC38AA642E6F3A595B65762697B7E7B31CC975BB7B7006FC7E48
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 0a 6c fb 62 42 e3 46 ec-9c 87 0d 15 84 82 3e aa .l.bB.F.......>.
0010 - 97 a6 b2 ba b6 05 9a 2d-f5 ba 5c ed 28 bd ab cc .......-...(...
Start Time: 1640945025
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK
openssl s_client -connect valid-isrgrootx1.letsencrypt.org:443 -host valid-isrgrootx1.letsencrypt.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = valid-isrgrootx1.letsencrypt.org
verify return:1
Certificate chain
0 s:CN = valid-isrgrootx1.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Server certificate
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISBAaszZ0PnwjQIHO8Rv3AiVOMMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDgxNTAwMjBaFw0yMjAzMDgxNTAwMTlaMCsxKTAnBgNVBAMT
IHZhbGlkLWlzcmdyb290eDEubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA5Ht9ZHwDzNuARuVm2HoVlSISbkPZQiaRs9jy/ZiR
10xCrvvT239pAy2+vDhnu2S9EkCu6e7v3JwXhuDeNdxWfDtgAkYXOswv1tfKJ2fK
hHZEQ+Sfnv+98zMHk5kq5QRJaH695jGs/HxKn9HsD+KDzW+i06gql0wj0ulLJXg8
QZ4a2ycfWM/uktECGsnOJe+XNvHl/CwwHVGcs69vihINptTCC0HKfcDTByxlHSDJ
F/ZWDn7YLH50gq7sKgGrnNT2y8WrDIqqmpBzd1h99xwzoxVaBoEWQ3vnIqwV52y0
a6q/qYCf7xXI1L2GahfJiuQumC39B71ijsGW7Ix3Rj9kmQIDAQABo4ICWjCCAlYw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmAcd9NcViCgOAbZtr5yIZyy3WQTAfBgNV
HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI
KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0
cDovL3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigiB2YWxpZC1pc3Jncm9vdHgx
LmxldHNlbmNyeXB0Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vr
S8do8JBilgb2AAABfZrGNncAAAQDAEcwRQIhAM21Drq2jeu8yXpHskGH8NbfXCb0
RGWUwHOYMOlfyS0EAiAGh4XgP8GUI4d9sQcSE6UcGJ3kDjPYysfgRcH9BEqeOwB1
AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfZrGNm8AAAQDAEYw
RAIgIvg+iasLBv6xIzMF5X27LQ96A8Yj8319ygC+eMjhW10CIHApsSN21AtTgwpu
i1chVwVjy2WAlPITs1t24WdVOo09MA0GCSqGSIb3DQEBCwUAA4IBAQBO+0gfQhni
kTWUk2Q+qG5y0Eut73x8/LVhctwQxVYzVCO/r8iUP3QePzQeRSakIWTNdyOAeLeV
iNqXUb3FJVx7dlz8/RfnjnYCheXYYxKsQcDBqwg56fTrjfSyYiNP5UoYhSzi0w5P
y7+GqrINMGHDgHDHwu93fRpFW4hs92QZgHPhfJyGiNvKzhxrZSWUvUTE/WFMBxNp
Uv3RwOV0lrLRyCuvGfBSHGEG+BPojAjlik7Diqu99cCxF37xfjf1CbWcBuq9jIcH
VcCTJjyE3T28gzGyC9uxWL2eUiYBvXxiXiULpY58eMzNCBamgPunZFvi3D30DN4X
H+Vsv0i7Mrz2
-----END CERTIFICATE-----
subject=CN = valid-isrgrootx1.letsencrypt.org
issuer=C = US, O = Let's Encrypt, CN = R3
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 3368 bytes and written 460 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A5BAD40ECB25A65838CDB5221E5FDEF7ECFCA15F38EE75AEA564B88EA5ED7A59
Session-ID-ctx:
Master-Key: 02C24D80B0851F2D339705AE0270A1F549CF0A43AEB3CE95CF2DF257368ACA76E78AC16BD7A55F6DE788AE2D900E46A8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - bc d3 7e 87 1c 82 93 93-a3 f6 1d d4 5a 3b 16 bd ..~.........Z;..
0010 - ef 00 e7 a7 fb d1 27 1b-af 63 3d 42 b7 bc 87 3c ......'..c=B...<
0020 - e0 88 14 de dd 5e ff f3-4f 87 bd 85 cf 50 fd 1a .....^..O....P..
0030 - 77 68 07 ff 51 dc 26 ce-8e f1 90 9f df ab d8 63 wh..Q.&........c
0040 - d5 5a 6f c7 81 45 70 41-ab 7e 6f 9d b8 19 ee f9 .Zo..EpA.~o.....
0050 - bc a3 0d 68 22 06 7c 86-09 2a 48 73 06 4c f6 f6 ...h".|..*Hs.L..
0060 - 2e 3a 42 64 9e ab 06 66-65 f4 c7 2d c9 e4 f1 ff .:Bd...fe..-....
0070 - 7c 5e b6 c7 78 11 87 a8-5c f0 9c 01 99 87 6d 04 |^..x........m.
0080 - fd 3e 7f ad 1d 4a b2 5d-e0 ed dd 6b c3 05 78 cd .>...J.]...k..x.
0090 - 9d df 09 fb 39 11 bf 5d-c2 1c 95 46 6e 5c 4b da ....9..]...Fn\K.
00a0 - ae 3a ff d7 74 bf 28 f6-f1 26 83 f2 0f ab 87 98 .:..t.(..&......
00b0 - e7 e5 a9 a9 ad d1 3d 7e-8f 48 18 15 92 5f ed 01 ......=~.H..._..
00c0 - 56 eb 68 3c 04 b2 3e cf-ac ad 72 d4 3e 65 50 f7 V.h<..>...r.>eP.
Start Time: 1640945161
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
root@server3:~# openssl s_client -connect letsdebug.net:443 -host letsdebug.net
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = letsdebug.net
verify return:1
Certificate chain
0 s:CN = letsdebug.net
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Server certificate
-----BEGIN CERTIFICATE-----
MIIEVjCCAz6gAwIBAgISBBFTW9blx6vqycUnr37UIoEJMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMjYyMzI4MDdaFw0yMjAzMjYyMzI4MDZaMBgxFjAUBgNVBAMT
DWxldHNkZWJ1Zy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASR5DWDDpZG
vSBgwT5Zt8nUc0nPvIH4mVsVKEg8yE7sq8KuMvkHB6Wg2kYWU0vcsab+yV+C7AlE
n8LPlmUmrLPlo4ICSTCCAkUwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQi86iUzozL
pTasuLpFeGHktVYxEzAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV
BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y
ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP
gg1sZXRzZGVidWcubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T
AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB
BQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5
TV0mXCVdx4QAAAF9+UmSIwAABAMARzBFAiEAtvCpFmVNitRszsnDvEi0YpovXsNG
lE4wBdFR+0cZsU4CICki0QRHXo1s4n7IAqov1T4sYolcL1XhaSDZblJE7jcEAHcA
b1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF9+UmS5QAABAMASDBG
AiEAum2SuMdHE+zzLV7xJNX3UkiXD3ZvrZcs/j3W6PmrvroCIQCMAf/qp9OqTddw
Q7koOT+RPwmZUsMF+D9LAdWED/RtJzANBgkqhkiG9w0BAQsFAAOCAQEAovMcVCG7
qHgh1Yw+phQfIKQ7VuVbnOhV9yZBqCajkSHQNpS0+swwqvhzR09rs8D+LXrCT4Ad
g1axX2YZML63wCmUQnwF7POsUrfqVqku8ah3aBnaBERVkibxV2kI9DhYEi4uXUWA
s7C0KlefE+dnhWZdt1LoWAn//izJd+27U8w+3FwxBiasMtbPnV7NSCDSISYviZjv
kGlNRwZOVuFJPAcMQzbW7s9Ilc0EGnBbnrSRp4Inya7xzsQrXgktVaEt/nA+WPdB
b5J5D/EXlJrjChYcBiewuGk6Gqt4lgy61VuCwjNKqWRo9REJNtAr2J3BBytOfO1w
gCFmtitM8jgdoQ==
-----END CERTIFICATE-----
subject=CN = letsdebug.net
issuer=C = US, O = Let's Encrypt, CN = R3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 4184 bytes and written 395 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 0350DC8F55B94FF0CA0C0EDB9F4C0C819C61DB7C1D6CC13E72C6A25BA378B92D
Session-ID-ctx:
Resumption PSK: C9EE5391D92C64A22B8F97FE726F358A3B9D3AFC6418DBC7A8D274BCF3EC07417F4C96EFF4DA443C4727996B1C2FEE15
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 37 9e c0 3a 7e b8 ff b2-ee 6a 30 04 a7 a5 18 56 7..:~....j0....V
0010 - 54 f0 c1 eb a8 63 ca 0a-53 88 3d 2c f5 2c 04 45 T....c..S.=,.,.E
Start Time: 1640945191
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F43FDED785E3FD4806644194208AE1B614B5F132B94D7FD51FBAC36C575C8DDC
Session-ID-ctx:
Resumption PSK: E390368C61D13D39B72EC4A4DAE108CB76108DF541F13DFFFFF2BA3F127F4AF5D3E71A3CC03BECA55E2AF33682FEA2A5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - b0 7d d8 60 cb fa cf ab-7c 06 c5 ab 02 c5 e8 41 .}.....|......A 0010 - d1 c4 f2 04 1d 86 47 7f-8e 36 60 7b f4 2e 19 af ......G..6
{....
Start Time: 1640945191
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
read R BLOCK