acme-client tls_read: handshake failed

[PingPing]

I'm using OpenBSD 6.8 (GENERIC.MP).
I've been using Let's Encrypt for an SSL Certificate for one of my website.
I set it up shortly after 6.8 was release and it all worked fine.
I then pretty much left things for a while.
I've just recently noticed that I'm getting a "Your connection is not private" in my browser, so I tried debugging the problem.

So far I'm seeing this:

Code:

$ doas acme-client -Fv gondwanapl.com
acme-client: /etc/ssl/gondwanapl.com.fullchain.pem: certificate valid: 76 days left
acme-client: /etc/ssl/gondwanapl.com.fullchain.pem: forcing renewal
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: 172.65.32.248: tls_write: certificate verification failed: certificate is not yet valid
acme-client: 172.65.32.248: tls_read: handshake failed: error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed
acme-client: https://acme-v02.api.letsencrypt.org/directory: bad comm
acme-client: bad exit: netproc(79636): 1

I'm not sure why it's failing. Is anyone able to explain this and tell me how to fix it?

Thank you.

[jggimi]

"Certificate not yet valid" leads me to believe that the system running acme-client has an incorrect date / time set.

[J65nko]

Did you install all the published system patches for OpenBSD 6.8? See https://www.openbsd.org/errata68.html
What is the output of # syspatch -l?

[PingPing]

Thank you both for taking the time to consider my post.

@J65nko, I will look into patching my EdgeRouter Lite install. It's not something I've done before.

@jggimi, you are spot on (again). My 'date' was showing Jan 22 2021. I recall something about a network time daemon to keep systime up to date. I'll need to look into that so that this doesn't happen again.

Cheers all!