Marc Chamberlin wrote:
Anywise from what I am observing, let's say Computer A is running some services and it also has some security certificates from LetsEncrypt that get automatically updated.
Right. A perfectly straightforward setup.
There is no problem as far as Computer A is concerned. Now Computer B comes along and has a client that wants to connect to a service on computer A. In order to establish a secure connection to Computer A, Computer B's client presents a cached copy of the certificate that Computer B has for Computer A, to Computer A. But the certificate from Computer B is now out of date and Computer A refuses it.
"A" is running a service using LE certificates, maybe https - "B" connects and only needs to check if the certificate presented by "A" is valid. "B" typically does not present anything.
So my question is, who should have the responsibility for presenting a decent error message, the O.S. itself, or each client/server app?
The latter. The operating system is not in charge. Example: When your Firefox browser tries to connect to an https website and cannot validate the certificate presented by the server (expired, revoked, wrong name, unsupported TLS version), it is up to the browser to inform you.
In other words who do I bellyache to? BTW IMHO the error message from the ssh client is pretty decent and I got no complaints with it!
This is where I get lost - what has ssh got to do with your LE certificates?

--
Per Jessen, Zürich (19.2°C)