Hi,
I wanted to check if my files are valid
root@lylyanne:~# openssl verify -untrusted /etc/letsencrypt/live/lylyanne.tv/fullchain.pem /etc/letsencrypt/live/lylyanne.tv/cert.pem
/etc/letsencrypt/live/lylyanne.tv/cert.pem: OK
root@lylyanne:~# openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt /etc/letsencrypt/live/lylyanne.tv/cert.pem
CN = lylyanne.tv
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/letsencrypt/live/lylyanne.tv/cert.pem: verification failed
I'm getting complaints from ejabberd that they're signed with an unknown CA
@ejabberd_pkix:log_warnings/1:393 Invalid certificate in /etc/letsencrypt/live/lylyanne.tv-0001/fullchain.pem: at line 63: certificate is signed by unknown CA
I suspect this is the cause, outdated ca-certificates
root@lylyanne:~# dpkg -l ca-certificates
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============-============-============-=================================
ii ca-certificates 20211016 all Common CA certificates
But I've already run apt update ; apt upgrade -y and it's still on that old version ?