At March 1st, May 15th and June 2nd, Sectigo transitioned to new root certificates that are not included in the current stable ca-certificates package. This means that any new Sectigo certificate will not be trusted by Debian bookworm, which is starting to result in errors and will continue to get worse as expiring certificates are replaced with new ones.
See also https://www.sectigo.com/faqs/detail/Sectigo-Public-Intermediates-and-Roots/kA0Uj0000003eov Although this can be mitigated by either manually installing the new root certificates on each machine, or by adding the testing/trixy repository to get 20250419, or downloading the .deb and manually install it; it would be highly preferred if a more recent version is included in bookworm. Tom
