Replying again, the inconsistency seems to be because their cert is fine over IPv6 but IPv4 is still showing expired. That’s a very strange setup y’all have there NIST.

https://www.ssllabs.com/ssltest/analyze.html?d=nvd.nist.gov

Bizarre, ssllabs test says IPv4 "A+", IPv6 "T" (whatever that means, Qualys).

I see the TLS error on direct connection, with Brave (Chromium), but have only IPv4 connectivity.

Still showing as expire cert on on my iPhone at 2024-09-02T15:54:30Z.

Do they have a cached OCSP staple response or something?