I have renewed my root CA cert via this article Renewing the SSL certificates and restarted and then I renewed the ucs-sso cert with this command:
univention-certificate renew -name "ucs-sso.mydomain.org" -days "$(ucr get ssl/default/days)"
But now I get this error when trying to login as administrator
Cannot connect to the LDAP service. Error message: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)
The web gui works and is from godaddy and when I verify that cert with openssl it’s fine, if I verify the ucs-sso.mydomain.org and the CAcert.pem it’s reporting
error 18 at 0 depth lookup: self signed certificate error /etc/univention/ssl/ucsCA/CAcert.pem: verification failed and error 20 at 0 depth lookup: unable to get local issuer certificate error /etc/univention/ssl/ucs-sso.*mydomain*.org/cert.pem: verification failed
If I run them through an openssl decode command they say they are valid till 2027. What am I missing?