Its cert was updated its and now my SMTP STARTTLS and POP3 STLS are failing. the first OpenSSL error logged a too low TLS so I turned off TLS1.1. Only TLS1.2 is enabled. now the error is "wrong ssl version" so I see i made a major mistake by auto updating the cert and its using a new R3 and now i can't connect to the sites, now the website bbs.dp-flowers.com. I need to restore with X3 today so I can then work on the new requirements.
sorry i did not back the previous *.pem files. Help
Lesson learned. -- stop automating things!! arggg. I just don't people screaming now. It appears R3 requires the latest OpenSSL DLLs. The logs is showing:
My fault. didn't back up the X3 *.pem in my acme update scripts. The pems were still good until 2/20 giving me time to do all crypto updating, study/test changes. Anyway, I panicked. sorry,
I just needed to update the CA intermediate certs bundle. phew! I don't have this in my script.
btw, in my server which uses OpenSSL, I have the ssl\cacert\cacert.txt with all the CA certs. I updated it as needed with new CAs and their change or you can copy the cert to the directory and its read in.
Which one do I copy to cacert?
*-chain.pem or *-chain-only.pem
I copied both, is that why you saw a root cert?
I have to see why openssl v1.1.1.7 reported "wrong ssl version"