AddTrust External CA Root is expired

Question

AddTrust External CA Root is expired

Closed this issue a year ago · 2 comments

Hello, I've been using the check_ssl_cert plugin for a few days and it works correctly, I just have a problem on a particular site that I need to monitor the expiration of the SSL certificate.
for that site it gives me this error
SSL_CERT CRITICAL "site": x509 certificate element 2 **(AddTrust External CA Root) is expired (was valid until May 30 10:48:38 2020 GMT, 1089 days ago)|**days_chain_elem1=160;20;15;; days_chain_elem2=-1089;20;15;;

tried with --noauth option but got same error..
is it possible to ignore this check? I am only interested in the expiration of the site certificate, not the intermediate or CA or External CA
Thank you

System (please complete the following information):

OS: Amazon Linux 2 AMI
check_ssl_cert-2.69.0
OpenSSL version OpenSSL 1.0.2k-fips

Answer 1 · 2023-05-24T14:08:19.000Z

You could try with --first-element-only (or with --skip-element 2)

Answer 2 · 2023-05-25T08:23:00.000Z

with --first-element-only work fine
Thanks!