Did some more checks and it really seems that for some reason the signing chain is broken on my system.
when I check the last valid certificate (from Dec. 1st) on my system I get:
openssl verify signed_chain.crt_20201201-033135
When I do the same check on the new created certificate (from Jan. 1st) I get:
openssl verify signed_chain.crt
CN = remote.xxxxx.de
error 20 at 0 depth lookup: unable to get local issuer certificate
error signed_chain.crt: verification failed
What is the “local issuer certificate”? Is it the CAFile that can be found under /etc/ssl/certs?
How can it be updated than? - running “update-ca-certificates” didnt change anything.
In /etc/ssl/certs I found lets-encrypt.pem that is linked to:
/usr/local/share/ca-certificates/lets-encrypt.crt is linked to:
My feeling is that the issue on my system is somehow related to this and/or my system missed an update in order to adapt it: https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html