When you access your LDAP or Samba/AD from outside, you receive an error saying the certificate has expired. But when you check your certificate, it appears to be valid.
This only seems to happen when you're using stunnel to access a service behind your firewall. When using Let's Encrypt this is even more likely to happen.
The reason is that stunnel caches SSL information along with the certificate and does not notice by itself that the cert has expired.
You can check this via
openssl s_client -connect ucs-master.domain.tld:636
Restart stunnel and things start working again.
systemctl restart stunnel
The next time you renew your certs, keep in mind to also restart all related services.
When using Let's Encrypt you can use its script hooks to achieve this automatically. Create the following file
systemctl restart stunnel.service
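
A check that can run after the restart to confirm the service really presents the renewed certificate, added here as an example and not part of the original article. The function names are hypothetical and the certificate path in the usage line is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original article; the path below is a placeholder.
# Usage: check_endpoint ucs-master.domain.tld:636 /path/to/fullchain.pem

# Print the SHA-256 fingerprint of the first PEM certificate in file $1
# (for a full-chain file that is the leaf certificate).
cert_fingerprint() {
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "${fp#*=}"
}

# Save the leaf certificate that host:port $1 currently presents to file $2.
fetch_served_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2" 2>/dev/null
}

# Compare the served certificate (file $1) with the renewed one (file $2).
# Prints ok, stale (the service still presents an older certificate),
# expired, or error; returns 0 only for ok.
cert_state() {
    served=$(cert_fingerprint "$1") && disk=$(cert_fingerprint "$2") || {
        echo error
        return 2
    }
    if [ "$served" != "$disk" ]; then
        echo stale
        return 1
    fi
    if ! openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then
        echo expired
        return 1
    fi
    echo ok
}

# Fetch the certificate from endpoint $1 and compare it with file $2.
check_endpoint() {
    tmp=$(mktemp) || return 2
    rc=0
    if fetch_served_cert "$1" "$tmp"; then
        cert_state "$tmp" "$2" || rc=$?
    else
        echo error
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}
```

A result of stale after a renewal means the process behind the port was not restarted and is still serving the old certificate.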