update real world certificates (#207)

Author: conradludgate

admin/MAINTAINENCE.md

@@ -10,7 +10,7 @@ on our mock CA and the certificates issued by it. As such, they will expire abou
 
 Thankfully, updating these has become easy:
 - If the `verification_real_world` tests are failing, do the following:
-    1. Run `cargo run --example update-certs.rs`
+    1. Run `cargo run --example update-certs`
     2. Using your tool of choice, update the hardcoded time in `verification_time` to match the current datetime.
     3. Commit your changes and push up a fix branch/PR.
 - If the `verification_mock` tests are failing, do the following:

rustls-platform-verifier/src/tests/mod.rs

@@ -62,8 +62,8 @@ pub fn assert_cert_error_eq<E: StdError + PartialEq + 'static>(
 /// we know the test certificates are valid. This must be updated if the mock certificates
 /// are regenerated.
 pub(crate) fn verification_time() -> pki_types::UnixTime {
-    // Wed, 13 August 2025 19:31:53 UTC
-    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_755_113_506))
+    // Sat, 3 January 2026 14:20:06 UTC
+    pki_types::UnixTime::since_unix_epoch(Duration::from_secs(1_767_450_006))
 }
 
 fn test_provider() -> Arc<CryptoProvider> {

rustls-platform-verifier/src/tests/verification_real_world/aws_amazon_com_valid_1.crt

@@ -69,12 +69,12 @@ const VALID_AWS_AMAZON_COM_CHAIN: &[&[u8]] = &[
 fn valid_aws_chain_names() -> Vec<String> {
     const VALID_AWS_NAMES: &[&str] = &[
         "aws.amazon.com",
-        "www.aws.amazon.com",
-        "aws-us-east-1.amazon.com",
         "aws-us-west-2.amazon.com",
+        "www.aws.amazon.com",
+        "1.aws-lbr.amazonaws.com",
         "amazonaws-china.com",
         "www.amazonaws-china.com",
-        "1.aws-lbr.amazonaws.com",
+        "aws-us-east-1.amazon.com",
     ];
 
     VALID_AWS_NAMES