Cannot click "Always trust this certificate in future sessions"

[Norbert Schlia]

The "Always trust this certificate in future sessions" and "Trust this certificate on the listed alternative hostnames" checkboxes are greyed out and cannot be clicked.

Dialog pops up again next time the site is opened.

[Tim Kosse]

Check the other certificates in the chain, one of them must be expired and needs to be renewed.

[Norbert Schlia]

Did not check the chain, it is true, the "DST Root CA X3" certificate has expired as of 30/09/2021.

But this is still a FileZilla bug, it uses an outdated certificate chain, see ​https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/"

It should use the new "ISRG Root X1" and not the outdated one. The new certificate shows as intermediate instead.

You can check the correct validation path with

openssl s_client -showcerts -servername ftp.oblivion-software.de -connect ftp.oblivion-software.de:21 -starttls ftp </dev/null

This returns the same path as the web server:

openssl s_client -showcerts -servername www.oblivion-software.de -connect www.oblivion-software.de:443 </dev/null

[Tim Kosse]

Cannot reproduce.

Make sure you are using the latest version of FileZilla and make sure to delete the expired certificate from your system's trust store.

[Norbert Schlia]

Tested with 3.57.0 -> works as expected.
The version that had the problem was 3.52.2 (Bullseye repository package).
On Bookworm the version is 3.56.2, probably you could add it to Bullseye-Backports, if the problem is fixed in this version.

Thanks!