From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11170812 for ecs-isp@2rosenthals.com; Sun, 27 Oct 2024 08:59:25 -0400 Received: from [192.168.200.201] (port=39725 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t52rc-000000007oR-1Ubq for ecs-isp@2rosenthals.com; Sun, 27 Oct 2024 08:59:26 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10114) by mail2.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t52ra-000000006Ew-0Rrh for ecs-isp@2rosenthals.com; Sun, 27 Oct 2024 08:59:23 -0400 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __COURIER_PHRASE 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.27.122716 X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __COURIER_PHRASE 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.27.122716 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001 ) for ; Sun, 27 Oct 2024 14:23:37 -0000 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] uacme 1.2.4 curl issue To: eCS ISP Mailing List References: Organization: Massimo S. Message-ID: <294f1f16-c915-a5ff-64d8-d3bb26965764@ecomstation.it> Date: Sun, 27 Oct 2024 13:59:16 +0100 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Il 27/10/2024 02:52, Steven Levine ha scritto: > In , on 10/26/24 > at 10:59 AM, "Massimo S." said: > > Hi Massimo, > >> depth=1 C = US, O = Let's Encrypt, CN = R11 >> verify error:num=20:unable to get local issuer certificate >> verify return:1 >> depth=0 CN = acme-v02.api.letsencrypt.org >> verify return:1 >> CONNECTED(00000003) >> --- >> Certificate chain >> 0 s:CN = acme-v02.api.letsencrypt.org >> i:C = US, O = Let's Encrypt, CN = R11 >> 1 s:C = US, O = Let's Encrypt, CN = R11 >> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- >> Server certificate >> subject=CN = acme-v02.api.letsencrypt.org > >> issuer=C = US, O = Let's Encrypt, CN = R11 > >> --- >> No client certificate CA names sent >> Peer signing digest: SHA256 >> Peer signature type: RSA-PSS >> Server Temp Key: X25519, 253 bits >> --- >> SSL handshake has read 3310 bytes and written 412 bytes >> Verification error: unable to get local issuer certificate > > As I suspected you have a local conifiguration problem. this sever has port 80 closed when i reissue certificates the script first reload firewall rules with port 80 open than reissues and after reload the original firerule maybe this could be the problem? massimo >Testing here > reports > > snip... > > -----END CERTIFICATE----- > subject=CN = acme-v02.api.letsencrypt.org > issuer=C = US, O = Let's Encrypt, CN = R10 > > --- > No client certificate CA names sent > Peer signing digest: SHA256 > Peer signature type: RSA-PSS > Server Temp Key: X25519, 253 bits > --- > SSL handshake has read 3309 bytes and written 412 bytes > Verification: OK > --- > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 0 (ok) > > snip... > >> p11-kit-trust package available, but not installed >> should i install it? > > I cannot see any reason not to. > > Steven >