>>/1671/
Next step I guess is to poke around in the code and see what / where it is getting the root CA list, what cert it is actually receiving from ptr.hydrus.network (same expired cert as browser or different one). 

Would appreciate any tips / if you have something I could easily run. I see certifi in the dependency chain, but I haven't checked what actually happens in the application.