How do I kick it to retry the relays connection?

I get

* dynamic+https://relays.syncthing.net/endpoint: Get "https://relays.syncthing.net/endpoint": x509: certificate has expired or is not yet valid: current time 2021-10-05T15:46:56+02:00 is after 2021-09-30T14:01:15Z

Checking with my web browser shows that the cert has been renewed already. I tried restarting Syncthing, but it still shows that error. How do I tell it to try again?

The problem is likely your system CA pool, like in the recent APT threads here about similar errors. Try updating the certificate store using the appropriate mechanism for your OS.

Ok, that did it. thx.

Are you chaining the expired cert? The error message should be “Unable to locally verify the issuer’s authority.” if the local root is missing, not “Issued certificate has expired.”…

We are, but there are other details in play. One of them being, as I understand it, that whatever chain we send is ignored if the corresponding certificate is also present in the local store.

I think what happens here is the local expired certificate is completely ignored. If the webserver is not chaining it, you get an error message about the missing root cert, but if it is, you get a message about the server’s cert being expired. Technically the server’s chained root cert is expired, but the message doesn’t differentiate that.
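
An added example, not part of the thread and not Syncthing code: Go's `crypto/x509` verifier, which produces the error text quoted in the question, run against a constructed root and a still-valid leaf to show what it reports when the root in the trust pool is expired versus absent. The certificate names and the `issue` and `verifyLeaf` helpers are made up for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate from tmpl signed by signer (the parent's key) and parses it.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// verifyLeaf verifies a leaf that is itself still valid against a constructed
// root expiring at rootNotAfter; rootInPool says whether that root is trusted.
func verifyLeaf(rootNotAfter time.Time, rootInPool bool) error {
	now := time.Now()
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root"},
		NotBefore: now.Add(-48 * time.Hour), NotAfter: rootNotAfter, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "relay.example"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	leaf := issue(leafTmpl, root, &leafKey.PublicKey, rootKey)
	pool := x509.NewCertPool() // stands in for the system CA store
	if rootInPool {
		pool.AddCert(root)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: now})
	return err
}

func main() {
	valid, expired := time.Now().Add(24*time.Hour), time.Now().Add(-24*time.Hour)
	fmt.Println("valid root in pool:  ", verifyLeaf(valid, true))
	fmt.Println("expired root in pool:", verifyLeaf(expired, true))
	fmt.Println("root not in pool:    ", verifyLeaf(valid, false))
}
```

The expired-root case prints the same "certificate has expired or is not yet valid" text even though the leaf is within its validity period, which is why refreshing the local CA store clears it.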