List ecs-isp@2rosenthals.com Arkiverade meddelande #965 föregående meddelande nästa meddelande Tillbaks till lista

Från: "Massimo S." <ecs-isp@2rosenthals.com> Meddelandehuvud
Oavkodat meddelande
Ämne: Re: [eCS-ISP] uacme 1.2.4 curl issue
Datum: Sat, 26 Oct 2024 10:59:45 +0200
Till: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



Il 26/10/2024 01:06, Steven Levine ha scritto:
In <list-11140337@2rosenthals.com>, on 10/24/24
    at 06:41 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

i've just retried some minute ago and i got:

failed: SSL peer certificate or SSH remote  key was not OK
uacme: curl_get: waiting 5 seconds before retrying
uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory
failed: SSL peer certificate or SSH remote  key was not OK
uacme: curl_get: waiting 5 seconds before retrying
uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory
failed: SSL peer certificate or SSH remote  key was not OK
uacme: curl_get: waiting 5 seconds before retrying
uacme: acme_get: curl_get failed
uacme: failed to fetch directory at
https://acme-v02.api.letsencrypt.org/directory

What does

   openssl s_client -connect acme-v02.api.letsencrypt.org:443

report?


depth=1 C = US, O = Let's Encrypt, CN = R11
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = acme-v02.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = acme-v02.api.letsencrypt.org
   i:C = US, O = Let's Encrypt, CN = R11
 1 s:C = US, O = Let's Encrypt, CN = R11
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAzbLbHptztaG/KaK0iWgDkKbMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjQwOTA0MTYwMzQ2WhcNMjQxMjAzMTYwMzQ1WjAnMSUwIwYDVQQD
ExxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtbnftpdu9JD8WYvwe4Skg9BZw5x+sluM9Ol6HkOAXqLn
cHBhfaSIEiqUqpawO1pMJ1PZA0MxEzVXLM3AV5IwPydiTuI8NbNl/4uGuHOkq4p1
XO3xAzxV2J0hUxklgkuJqgb5wGIFhfTV4ka5898Bzu9rneDfHAIeodNf6HEt5QyL
5ZVN8fDveceaLfHxsViE+pD8y7FYU0EIMazeapPIXc99Q8nyNLVzp7vcWvZh+baB
gS2/0vFLGNJ4J6Lreah6ySU5QMvtdmXoHXzFGwY8A6CQd62MU8CaP8elNe00Krev
sCGeqNdDeakaqMPvpCkv2Ggi/Ao/Wh7zNPmgTkI0UQIDAQABo4ICwzCCAr8wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBRxtksJdzedHKtsGWxqTnoN0wDpjDAfBgNVHSME
GDAWgBTFz0ak6vTDwHpslcQtsF6SLybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYB
BQUHMAGGFmh0dHA6Ly9yMTEuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6
Ly9yMTEuaS5sZW5jci5vcmcvMIHJBgNVHREEgcEwgb6CHmFjbWUtdjAyLTEuYXBp
LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItMi5hcGkubGV0c2VuY3J5cHQub3Jn
gh5hY21lLXYwMi0zLmFwaS5sZXRzZW5jcnlwdC5vcmeCHmFjbWUtdjAyLTQuYXBp
LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItNS5hcGkubGV0c2VuY3J5cHQub3Jn
ghxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMBMGA1UdIAQMMAowCAYGZ4EM
AQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcASLDja9qmRzQP5WoC+p0w6xxS
ActW3SyB2bu/qznYhHMAAAGRvfyjugAABAMASDBGAiEA8IlocIIjHpcIYKabAHEo
7PldX7gVCOmtayjurL+SrJ0CIQDoF450aWb7u3+41m7oaxfB+Qek9yqTNRmpGuPZ
je+w1wB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABkb38pAUA
AAQDAEYwRAIgTTa0VFwFqiSJzSM0tb+fOK/+dD8Q9fVnp0ytZ21+xpUCIEFulOV5
k/qyNpsCC95A/Z+enC1YtBoQPKUEKpUefbTyMA0GCSqGSIb3DQEBCwUAA4IBAQAx
lPolskFGAkPxX94CrwfBDfgCOKib7eni3n1oIBLQk2pYr7MvctJE6a92skMzOaFv
Uqrai3TaLD6r1oMaGgLcqw4ZEnM512UqGOzSt7rGPRShKhsmCIGQgcpohRU7BeAZ
NHbarDP4O/LeSi+bOWPFOCA02z06qBcCy3Rg65Mjtrf1Z3iLXNskbYb3pAIoUNUS
/6GO7vQJvtZZL3XxS1/Cm2hPcR+Ixoxw7gRWmvislAqgQNioXQ8gePNExXA9wtsQ
zGpSviQCBRXgjnPSEEDASvFlTsJ8oYK/otutvdkx0PxCav6Hds0XwdUnkqDWLOH6
22hZ1Nex6LlgY8sX88Gl
-----END CERTIFICATE-----
subject=CN = acme-v02.api.letsencrypt.org

issuer=C = US, O = Let's Encrypt, CN = R11

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3310 bytes and written 412 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
bad select 22


The internet thinks you may have stale certificates in your local cache.
You can try

   yum update p11-kit-trust

i get

Pacchetto p11-kit-trust disponibile, ma non installato

p11-kit-trust package available, but not installed
should i install it?

thanks

massimo
Prenumerera: Sändning, Uppsamling, Index.
Stoppa prenumeration
Meddelande till ListMaster