On Friday 30 August 2019 12:45:04 Paddy Doyle wrote: > > Just to mention that the 'etckeeper' package from EPEL is great for > tracking changes to /etc. Package installs trigger a commit, as do a daily > cron job. > > If in this case it was a corrupt file in /etc/pki, then a 'git log' or > similar could show when it happened. Although I think you tried 'rpm -V' > already so perhaps it wasn't a corrupt cert file. > > Paddy > Hi Paddy, Thanks for this. I'll have a look. Incidentally, the *good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran yum --disablerepo=\* --enablerepo=base --enablerepo=updates reinstall ca-certificates on this server and again it fixed the problem. This would suggest that the problem is actually external to the original broken server.