You can check their certificate yourself by using a command like `openssl s_client -connect example.com:443 -servername example.com` (among other possibilities).
It seems like you haven’t wanted to tell us what the name of the service is, which makes it harder for other people on the forum to help check the certificate configuration of that service.
Thank you very much, I ran your command and did see this:
`subject=CN = example.com` (the relevant domain), but that makes sense because now it works.
I didn’t see the expiry date, but they do use Let's Encrypt as well, so I wonder if the short period of time the error appeared was when the automatic renewal did its job, exactly when my server made the request.
Is there a way to see the expiry date of a remote certificate? Thanks!
Yes, in the output of that command you will see a section with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. If you paste that into `openssl x509 -text -noout`, you’ll see all of the details about the server that the remote end sent. Alternatively, you can just do this in a single pipeline like
There are lots of other details about how to simulate specific browser/client behaviors and how to interpret the data contained in the certificate, but hopefully this will be helpful to you for now!
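An added example, not part of the original posts: one way to read a remote certificate's validity dates and check how long it remains valid. The function names and the `example.test` sample certificate are constructed for illustration; only standard `openssl` subcommands are used.

```bash
#!/usr/bin/env bash
# Added example: read validity dates from a certificate with openssl.

# Print subject, issuer, notBefore and notAfter of the first PEM certificate
# on stdin. openssl x509 skips the non-PEM text s_client prints around it.
cert_dates() {
    openssl x509 -noout -subject -issuer -dates
}

# Fetch what a server presents for a name (needs network access).
# </dev/null makes s_client exit after the handshake instead of waiting.
remote_cert() {
    host=$1; port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null
}

# Succeed if the certificate on stdin is still valid N days from now
# (default 0 = right now). -checkend takes seconds and sets the exit status.
valid_in_days() {
    days=${1:-0}
    openssl x509 -noout -checkend "$((days * 86400))" >/dev/null
}

# Constructed sample: a throwaway self-signed certificate valid for 30 days,
# so the functions above can be exercised without contacting any server.
sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=example.test" -keyout /dev/null 2>/dev/null
}

# Usage against a live server:
#   remote_cert example.com | cert_dates
#   remote_cert example.com | valid_in_days 14 || echo "expires within 14 days"
if [ "${1:-}" = "--demo" ]; then
    sample_cert | cert_dates
fi
```

The `notBefore` line shows when the current certificate was issued, which is the value to compare against the time an error was observed when a renewal is suspected.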
Thanks a lot!!
The date was 10 days before mine so it’s not that. Maybe something else. For now I will wait for the next time it occurs (hopefully not) and see if there’s a pattern again…