dup of bug 1190858 the letsencrypt ca expiry... openssl should handle it fine, but it depends on how the chain cert management