Still the same error
May 07 11:51:54 s2sin5611f9f38d10 debug certificate chain validation result: invalid
May 07 11:51:54 s2sin5611f9f38d10 debug certificate error(s) at depth 0: EE certificate key too weak, self signed certificate
May 07 11:51:54 s2sin5611f9f38d10 warn Forbidding insecure connection to/from pubsub.beta.kontalk.net because its certificate is self-signed
I wonder why it works fine with beta.kontalk.net but not with the pubsub subsubdomain.
Via openssl I now get the following - still different compared to the others
---
Certificate chain
0 s:CN = beta.kontalk.net
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
2 s:O = Digital Signature Trust Co., CN = DST Root CA X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
The last one is signed by itself?
They say the ISRG root should be widely accepted by now
That is interesting, since I found this issue on 3 different machines, Debian 9 and 10 + Ubuntu 18.04