We’re trying to validate a new copy of X; the validation fails, and if I add “&x-verbose=1” to the URL, I can see that cURL returns “error 60: SSL certificate problem: certificate has expired”. cURL’s own CA certs are up to date on the server, and it actually looks like the expired cert is the one for community.theme.co; checking our DNS logs, I can see the WP host looking up that domain name during the validation process.
I checked this with cURL:
# curl https://community.theme.co --cacert /etc/pki/trust/anchors/cacert.pem --verbose
* Rebuilt URL to: https://community.theme.co/
* Hostname was NOT found in DNS cache
* Trying 50.31.66.102...
* Connected to community.theme.co (50.31.66.102) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/trust/anchors/cacert.pem
CApath: /etc/ssl/certs/
* SSLv3, TLS Unknown, Unknown (22):
* SSLv3, TLS handshake, Client hello (1):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Server hello (2):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, CERT (11):
* SSLv2, Unknown (21):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
And then double-checked with SSLLabs:
(Full results at https://www.ssllabs.com/ssltest/analyze.html?d=community.theme.co)
…and it looks as though the issue with the recently-expired cert on community.theme.co. Do you know when it’ll be fixed?