Hi Emma,
I got LDAPS working again by exporting the directory servers' DER certificates, converting them to PEM, creating the certificate hashes and restarting apache (basically redoing what I did when I first enabled LDAPS https://docs.moodle.org/30/en/LDAP_authentication#Using_LDAPS_.28LDAP_over_SSL.29 ).
This indicates that there was something wrong with the certificates, however if this were the case I do not understand how it only affected my 3 Moodle servers and not the entire University... (Our institution is mostly Microsoft, Moodle is the only core system running on Linux, and I am not very familiar with Windows and AD DCs - so I may be missing something obvious).
Do you know how to check a certificate's expiry? openssl verify's response was "OK" even when there was obviously something wrong and you could not login.
It is working now, you can login to Moodle and change passwords, however I still see errors when running:
openssl s_client -connect server1.domain:636
The error codes are below, but since it is working, I am not sure how significant they are.
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
My main concern now is to try to understand how this happened and how to avoid it happening again.
Thanks for getting back to me
Heli
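
The steps mentioned in the post above (DER to PEM conversion, certificate hash links, and an expiry check), as an added example that is not part of the original post or the Moodle documentation. The function names, file names and the self-signed `dc1.example.test` certificate are constructed for illustration, and `hash_link` assumes the PEM file already sits in the CApath directory.

```shell
#!/bin/sh
# Added example: helpers for the LDAPS certificate steps described above.
# File names and the sample certificate are constructed, not from the post.

# Convert a DER certificate exported from a directory server to PEM.
der_to_pem() { openssl x509 -inform der -in "$1" -out "$2"; }

# Print the notAfter (expiry) date of a PEM certificate.
cert_enddate() { openssl x509 -in "$1" -noout -enddate; }

# Succeed only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Create the <subject-hash>.0 symlink that OpenSSL looks up in a CApath
# directory (what c_rehash does for every certificate in the directory).
hash_link() {
    h=$(openssl x509 -in "$1" -noout -hash) || return 1
    ln -sf "$(basename "$1")" "$2/$h.0"
    echo "$h.0"
}

# Constructed sample: a self-signed certificate valid for 30 days, written in
# DER form to stand in for one exported from a domain controller.
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=dc1.example.test" -keyout "$1/key.pem" -out "$1/tmp.pem" \
        2>/dev/null && openssl x509 -in "$1/tmp.pem" -outform der -out "$1/dc1.der"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_der "$d" && der_to_pem "$d/dc1.der" "$d/dc1.pem" || return 1
    cert_enddate "$d/dc1.pem"
    cert_valid_for_days "$d/dc1.pem" 14 && echo "valid for at least 14 days"
    cert_valid_for_days "$d/dc1.pem" 60 || echo "expires within 60 days"
    hash_link "$d/dc1.pem" "$d"
    openssl verify -CApath "$d" "$d/dc1.pem"   # trust comes from the hash link
    rm -rf "$d"
}
demo
```

`cert_valid_for_days` can be run from cron against each directory server certificate to warn before expiry. `openssl s_client` accepts the same `-CApath` option, so the hashed directory can also be used when testing the connection on port 636.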