ecs-isp@2rosenthals.com Mailing List Archive

Mailing List ecs-isp@2rosenthals.com Message #974

Från:	"Massimo S." <ecs-isp@2rosenthals.com>	Meddelandehuvud Oavkodat meddelande
Ämne:	Re: [eCS-ISP] uacme 1.2.4 curl issue
Datum:	Tue, 29 Oct 2024 11:18:30 +0100
Till:	eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Il 27/10/2024 02:52, Steven Levine ha scritto: In <list-11170016@2rosenthals.com>, on 10/26/24 at 10:59 AM, "Massimo S." <ecs-isp@2rosenthals.com> said: Hi Massimo, depth=1 C = US, O = Let's Encrypt, CN = R11 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = acme-v02.api.letsencrypt.org verify return:1 CONNECTED(00000003) --- Certificate chain 0 s:CN = acme-v02.api.letsencrypt.org i:C = US, O = Let's Encrypt, CN = R11 1 s:C = US, O = Let's Encrypt, CN = R11 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- Server certificate subject=CN = acme-v02.api.letsencrypt.org issuer=C = US, O = Let's Encrypt, CN = R11 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3310 bytes and written 412 bytes Verification error: unable to get local issuer certificate As I suspected you have a local conifiguration problem. Testing here reports snip... -----END CERTIFICATE----- subject=CN = acme-v02.api.letsencrypt.org issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3309 bytes and written 412 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) snip... p11-kit-trust package available, but not installed should i install it? I cannot see any reason not to. Steven Hi, p11-kit-trust installed and vm rebooted, but the ssl check give the same result depth=1 C = US, O = Let's Encrypt, CN = R10 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = acme-v02.api.letsencrypt.org verify return:1 CONNECTED(00000003) --- Certificate chain 0 s:CN = acme-v02.api.letsencrypt.org i:C = US, O = Let's Encrypt, CN = R10 1 s:C = US, O = Let's Encrypt, CN = R10 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- Server certificate -----BEGIN CERTIFICATE----- MIIFqjCCBJKgAwIBAgISBL4p77MSVouOsQZQINLffau6MA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTAwHhcNMjQwOTA0MTYwMzQ2WhcNMjQxMjAzMTYwMzQ1WjAnMSUwIwYDVQQD ExxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAoVc5mou51gqcaVsHsopoMyKpwqxF7O9ZIXYcni1yl8gk A7/i+RDm3b2EixnhEbcFDMcjiPgsoHbbWzj3g4GRXFJVFDQnr9w+VL0qXvU9A3Sm wOg/s6Vph7y0KymfS25h0scM8S8o+nUhuyoeqK5T9YuZjmSNnRI5nMGWeramPU1p JUVeKp4x6YmP9bpOQs8yGqS8UZ/xlcXF4P21Oz2fI2KjIIg48782U5R7M+XoguIV SEPHeYfwpGFnojFEb3jHYWaSORx9vvn1E01r0LOuHn7Udx5z4XzcRggMtPmuGNCi cw8sLb7nGo+FQzAzYX28zAAf9TJAMH1u51SQ9IAK6QIDAQABo4ICwjCCAr4wDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV HRMBAf8EAjAAMB0GA1UdDgQWBBR50/M0MZvkR5623tTs8+Pyq/vT/TAfBgNVHSME GDAWgBS7vMNHpeS8qcbDpHIMEI2iNeHI6DBXBggrBgEFBQcBAQRLMEkwIgYIKwYB BQUHMAGGFmh0dHA6Ly9yMTAuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6 Ly9yMTAuaS5sZW5jci5vcmcvMIHJBgNVHREEgcEwgb6CHmFjbWUtdjAyLTEuYXBp LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItMi5hcGkubGV0c2VuY3J5cHQub3Jn gh5hY21lLXYwMi0zLmFwaS5sZXRzZW5jcnlwdC5vcmeCHmFjbWUtdjAyLTQuYXBp LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItNS5hcGkubGV0c2VuY3J5cHQub3Jn ghxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMBMGA1UdIAQMMAowCAYGZ4EM AQIBMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUASLDja9qmRzQP5WoC+p0w6xxS ActW3SyB2bu/qznYhHMAAAGRvfymUwAABAMARjBEAiAt70lY2Z21hM/S4cmqHEIl 2b6i7CWuPctvTsCrosOBjgIgMi3KJplu84s+zmXYWXUUGdL1+Ucl+PzCcQw0Yttp tooAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAZG9/KZ1AAAE AwBHMEUCIQCsBsU/OytLQxJFyjXveQem/Ye/sGKk8/PyR3pTrgMlDAIgWV4/DksD Sq+EDkK4M2hT+Nd2/RdGpR77sgDvthSLpo0wDQYJKoZIhvcNAQELBQADggEBABsr FG1nLmPQdCne3KrGpw+ns7tS8hlCDK11sjIqR/svVvE5uLIuEOmroUXBd99bF5M8 j7CAHt3iYyFVQ7QUeU+sX7W0hk09eq8z7CA2iRpvYPsbbEgnet3Gk5JGgyjF1T1u p9QYLhHh/7Cu7B0ySijD01ctvPyF8cl0/Wj2sl7cSq8hKCLECGzo/VYSFt+kvQCy 5uxcsgIzayh/WQlBrm1xwK/vdvch8DpWcCHnI7yg0cJdpjMyw/Mi1vLzbClJP6HK MjL0OYhfS2fJbGeCwhaKCc56aRWwrxfuxj+5Afo+ZgxvujIr6qipvu0YpRTdITec LjfE+3Tm8m32v7H3HiY= -----END CERTIFICATE----- subject=CN = acme-v02.api.letsencrypt.org issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3308 bytes and written 412 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) --- bad select 22 massimo