DoT Certificates expired

route66 · October 24, 2025, 10:03am

Auf ein paar der dnsforge.de Resolver scheint das DoT-Zertifikat abgelaufen zu sein.

test ~ % echo | openssl s_client -connect 91.99.154.175:853 >/dev/null
Connecting to 91.99.154.175
Can't use SSL_get_servername
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=dnsforge.de
verify error:num=10:certificate has expired
notAfter=Oct 22 21:19:42 2025 GMT
verify return:1
depth=0 CN=dnsforge.de
notAfter=Oct 22 21:19:42 2025 GMT
verify return:1
DONE
test ~ % 
test ~ % echo | openssl s_client -connect 176.9.93.198:853 >/dev/null
Connecting to 176.9.93.198
Can't use SSL_get_servername
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E5
verify return:1
depth=0 CN=dnsforge.de
verify error:num=10:certificate has expired
notAfter=Oct 22 21:19:42 2025 GMT
verify return:1
depth=0 CN=dnsforge.de
notAfter=Oct 22 21:19:42 2025 GMT
verify return:1
DONE
test ~ %

dominion · October 24, 2025, 4:51pm

oh danke!

ich passe mal das Monitoring auf die einzelnen IPs an.