benoitc/hackney

SSL certificate expired issue

Closed this issue · 6 comments

There are issues with some SSL connections if you make any request to a URL that has a Sectigo SSL certificate in its certificate chain; see https://twitter.com/__agwa/timelines/1266777818811322368.
OpenSSL 1.1 seems to deal with this properly (matching how browsers do it), while 1.0 has the same problem as hackney, so I would assume that how hackney follows the certificate chain is similar to OpenSSL 1.0.

Encountered the same issue. Hackney worked fine last week, but I currently encounter a certificate_expired error when making an HTTPS request.

Any ideas how to fix it, guys?

@ilya-lopukhin

If you need a hotfix, you can use the option {insecure, true}.

But you had better not bypass the SSL verification.

Same issue here. We think this might be related: https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration

We ran into the same issue. We found that most of the other language clients were able to connect without issues, but hackney failed. We found two workarounds:

  1. disable SSL verification via ssl: {:verify, :verify_none}
  2. remove the addtrust key from the certificate bundle: curl -#fSlo priv/cacerts.pem https://mkcert.org/generate/all/except/addtrust
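
Before or after regenerating the bundle as in workaround 2, it helps to know which certificates in it have actually expired. The following is an added example, not code from hackney or from any commenter in this thread; it lists expired entries in a PEM bundle using OTP's public_key application. The module name `expired_cas` and its function names are assumptions, and the path is whatever bundle you pass in (for example the `priv/cacerts.pem` mentioned above).

```erlang
%% Added example (not hackney code): list certificates in a PEM bundle
%% whose notAfter date has passed, such as an expired root CA.
-module(expired_cas).
-export([expired/1, not_after_seconds/1]).
-include_lib("public_key/include/public_key.hrl").

%% Returns [{Subject, NotAfterDateTime}] for every expired certificate.
%% Subject is the raw {rdnSequence, ...} term from the certificate.
expired(BundlePath) ->
    {ok, Pem} = file:read_file(BundlePath),
    Now = calendar:datetime_to_gregorian_seconds(calendar:universal_time()),
    [{Subject, calendar:gregorian_seconds_to_datetime(Secs)}
     || {'Certificate', Der, not_encrypted} <- public_key:pem_decode(Pem),
        {Subject, Secs} <- [subject_and_expiry(Der)],
        Secs < Now].

%% 'plain' decoding is used because only the validity and subject fields
%% are needed, not OTP's interpreted extension records.
subject_and_expiry(Der) ->
    #'Certificate'{tbsCertificate = Tbs} =
        public_key:pkix_decode_cert(Der, plain),
    #'TBSCertificate'{subject = Subject,
                      validity = #'Validity'{notAfter = NotAfter}} = Tbs,
    {Subject, not_after_seconds(NotAfter)}.

%% X.509 times are UTCTime (YYMMDDHHMMSSZ; per RFC 5280, YY >= 50 means
%% 19YY, otherwise 20YY) or GeneralizedTime (YYYYMMDDHHMMSSZ).
%% Assumes the decoder returns the time as a character list.
not_after_seconds({utcTime, [Y1, Y2 | Rest]}) ->
    Century = case list_to_integer([Y1, Y2]) >= 50 of
                  true -> "19";
                  false -> "20"
              end,
    not_after_seconds({generalTime, Century ++ [Y1, Y2 | Rest]});
not_after_seconds({generalTime, Str}) ->
    [Y, Mo, D, H, Mi, S] =
        [list_to_integer(lists:sublist(Str, Pos, Len))
         || {Pos, Len} <- [{1, 4}, {5, 2}, {7, 2}, {9, 2}, {11, 2}, {13, 2}]],
    calendar:datetime_to_gregorian_seconds({{Y, Mo, D}, {H, Mi, S}}).
```

Calling `expired_cas:expired("priv/cacerts.pem")` from a shell returns an empty list when nothing in the bundle has expired.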

Fixed in latest master. It will be part of the new release.