orbit: 2022-02-03T13:28:24-08:00 INF update failed error="update metadata: update metadata: tuf: failed to download 2.root.json: Get \"https://tuf.fleetctl.com/2.root.json\": x509: certificate has expired or is not yet valid: current time 2022-02-03T13:28:24-08:00 is after 2021-09-30T14:01:15Z"

Is there a proxy between the host/device and tuf.fleetctl.com? (seems the certificate is valid when visiting in the browser) As far as I can see there's no way to suppress the alert currently.

there is no proxy between host/device to external. I see this message on all the nodes where we deployed osquery/orbit app built by fleetctl

OK, could you run

curl <https://tuf.fleetctl.com>

on one of the hosts to double check?

curl https://tuf.fleetctl.com curl: (60) The certificate issuer's certificate has expired. Check your system date and time. More details here: http://curl.haxx.se/docs/sslcerts.html

OK, the issue is definitely not orbit then (I just tried the curl command from here and it works.). You should check the network configuration and which node is doing the TLS termination.

ok thanks for the confirmation. I will dig more