$ date
Mon Nov 20 11:55:28 PM CST 2023
$ openssl s_client -connect downloads.openwrt.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
**depth=0 CN = *.mytrafficmanagement.com**
**verify error:num=10:certificate has expired**
**notAfter=Nov 8 23:39:32 2023 GMT**
verify return:1
depth=0 CN = *.mytrafficmanagement.com
notAfter=Nov 8 23:39:32 2023 GMT
verify return:1
---
Certificate chain
0 s:CN = *.mytrafficmanagement.com
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 10 23:39:33 2023 GMT; NotAfter: Nov 8 23:39:32 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
(snipped)
This is causing opkg to refuse to connect for package updates. I searched the forum and didn't find any other topics which left me a little surprised as the cert expired almost two weeks ago. Using '--no-check-certificate' allows opkg to download package metadata.