by snailmailman 474 days ago
Oh interesting. I didn’t realize certs get backdated a bit, but that makes a lot of sense. Interesting that the same isn’t done with SCTs.

I doubt my system time was off by 10 seconds, but I have seen it off by nearly a full second quite frequently. (I checked just now, 700ms behind?) I was checking it quite often via time.gov for a while, and I know the inaccuracy returns after each boot. Maybe my BIOS doesn’t keep milliseconds, leaving me at ~1s precision only. I suppose that’s probably fine most of the time, but I feel like it should be more precise. Depending on how much it drifts it could be drifting further...

In the case I saw this error, the cert did not exist until I requested the page. Caddy then handles cert creation on-demand and serves it immediately. It’s my own local server - so my latency to it is <1ms - there isn't much time for the cert to become-more-valid if it's fresh. It seems likely that my PC fell behind the server enough that the cert wasn't valid for a second or more? I'm tempted to investigate, but right now I only have one cert that needs updating - and it seemed to reissue and load the page just now without issue. (But looking at the cert, I see what you mention - the cert got backdated but not the SCT.)

1 comments

oh wow! yeah my clock sucks. checked again today - clock is incorrect by 5 entire seconds! it's unclear why Windows isn't resyncing and correcting it. had to manually click the button to sync time and it's fixed again for now.