diff --git a/Cargo.toml b/Cargo.toml
index dc89021e8d5230a587903633c9453f9d5412563d..6618e29aae7846ff0d9bd090ad20d1c11033c84b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,7 @@ maintenance = { status = "actively-developed" }
 [dependencies]
 anyhow = "1"
 backtrace = "0.3.61"
-chrono = "0.4"
+chrono = "=0.4.23"
 enumber = "0.3"
 lazy_static = "1"
 libc = "0.2"
diff --git a/src/lib.rs b/src/lib.rs
index 473b45fd5b98bb782ed0ec90e0c538dbee0d4559..dd0d218b23292c6d43cbd285b0962923c980415f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -28,6 +28,7 @@ use libc::{
     time_t,
 };
 
+use chrono::LocalResult;
 use chrono::Utc;
 use chrono::TimeZone;
 
@@ -1752,13 +1753,21 @@ ffi!(fn pgp_renew_key(session: *mut Session,
     let password = session.curr_passphrase();
     let keystore = session.keystore();
 
-    let expiration = Utc.ymd(1900 + expiration.tm_year,
-                             1 + expiration.tm_mon as u32,
-                             expiration.tm_mday as u32)
-        .and_hms(expiration.tm_hour as u32,
-                 expiration.tm_min as u32,
-                 expiration.tm_sec as u32);
-    let expiration: SystemTime = expiration.into();
+    let expiration = Utc
+        .with_ymd_and_hms(1900 + expiration.tm_year,
+                          1 + expiration.tm_mon as u32,
+                          expiration.tm_mday as u32,
+                          expiration.tm_hour as u32,
+                          expiration.tm_min as u32,
+                          expiration.tm_sec as u32);
+    let expiration = if let LocalResult::Single(t) = expiration {
+        SystemTime::from(t)
+    } else {
+        return Err(Error::UnknownError(
+            anyhow::anyhow!("invalid expiration time ({:?})",
+                            expiration),
+            "invalid expiration time".into()));
+    };
 
     let (cert, _private) = keystore.cert_find(fpr, true)?;