For those that don’t know, Duo Security has been sending out emails since at least the end of August about their CA certificate bundle expiring on February 2nd, 2026. The main point was to upgrade your system so you can keep using Duo Security’s MFA on ssh, web servers, etc.

The last time I installed Duo’s MFA tool, I built it from source. The upgrade, which includes the new certs, appears to have been successful, but it took about 6 hours to get it working.

I say it appears to be successful because before the upgrade to the current version, every login would generate an email and log entry in the Duo unsupported (can’t get an update to the CA bundle) log panel on the admin site.

I haven’t seen any new entries or received any new emails since the upgrade, but it was an adventure to get it working. I’ll share a more thorough write-up before February 2nd, in case anyone else gets stuck.