Renewed CA cert and ucs-sso cert but still says expired

I have renewed my root CA cert via this article Renewing the SSL certificates and restarted and then I renewed the ucs-sso cert with this command:

univention-certificate renew -name "" -days "$(ucr get ssl/default/days)"

But now I get this error when trying to login as administrator

Cannot connect to the LDAP service.
Error message: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)

The web gui works and is from godaddy and when I verify that cert with openssl it’s fine, if I verify the and the CAcert.pem it’s reporting

error 18 at 0 depth lookup: self signed certificate
error /etc/univention/ssl/ucsCA/CAcert.pem: verification failed


error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/univention/ssl/ucs-sso.*mydomain*.org/cert.pem: verification failed

If I run them through an openssl decode command they say they are valid till 2027. What am I missing?