In <list-11170016@2rosenthals.com>, on 10/26/24
at 10:59 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
Hi Massimo,
>depth=1 C = US, O = Let's Encrypt, CN = R11
>verify error:num=20:unable to get local issuer certificate
>verify return:1
>depth=0 CN = acme-v02.api.letsencrypt.org
>verify return:1
>CONNECTED(00000003)
>---
>Certificate chain
> 0 s:CN = acme-v02.api.letsencrypt.org
> i:C = US, O = Let's Encrypt, CN = R11
> 1 s:C = US, O = Let's Encrypt, CN = R11
> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 ---
>Server certificate
>subject=CN = acme-v02.api.letsencrypt.org
>issuer=C = US, O = Let's Encrypt, CN = R11
>---
>No client certificate CA names sent
>Peer signing digest: SHA256
>Peer signature type: RSA-PSS
>Server Temp Key: X25519, 253 bits
>---
>SSL handshake has read 3310 bytes and written 412 bytes
>Verification error: unable to get local issuer certificate
As I suspected you have a local conifiguration problem. Testing here
reports
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3309 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
snip...
>p11-kit-trust package available, but not installed
>should i install it?
Tillbaks till lista