From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11170010 for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 04:59:59 -0400 Received: from secmgr-va.randr ([192.168.200.201]:35449 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t4ceE-000000000lz-1AKP for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 04:59:51 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10049) by mail2.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t4ceB-000000002Ix-23TZ for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 04:59:48 -0400 X-SASI-Hits: BODY_SIZE_4000_4999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, URI_WITH_PATH_ONLY 0.000000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __COURIER_PHRASE 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.26.81815 X-SASI-Hits: BODY_SIZE_4000_4999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, URI_WITH_PATH_ONLY 0.000000, USER_AGENT 0.000000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __COURIER_PHRASE 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.26.81815 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001 ) for ; Sat, 26 Oct 2024 10:36:27 -0000 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] uacme 1.2.4 curl issue To: eCS ISP Mailing List References: Organization: Massimo S. Message-ID: <22e572c9-9da8-696c-fbab-8a1669c43489@ecomstation.it> Date: Sat, 26 Oct 2024 10:59:45 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Il 26/10/2024 01:06, Steven Levine ha scritto: > In , on 10/24/24 > at 06:41 PM, "Massimo S." said: > > Hi Massimo, > >> i've just retried some minute ago and i got: > >> failed: SSL peer certificate or SSH remote key was not OK >> uacme: curl_get: waiting 5 seconds before retrying >> uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory >> failed: SSL peer certificate or SSH remote key was not OK >> uacme: curl_get: waiting 5 seconds before retrying >> uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory >> failed: SSL peer certificate or SSH remote key was not OK >> uacme: curl_get: waiting 5 seconds before retrying >> uacme: acme_get: curl_get failed >> uacme: failed to fetch directory at >> https://acme-v02.api.letsencrypt.org/directory > > What does > > openssl s_client -connect acme-v02.api.letsencrypt.org:443 > > report? depth=1 C = US, O = Let's Encrypt, CN = R11 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = acme-v02.api.letsencrypt.org verify return:1 CONNECTED(00000003) --- Certificate chain 0 s:CN = acme-v02.api.letsencrypt.org i:C = US, O = Let's Encrypt, CN = R11 1 s:C = US, O = Let's Encrypt, CN = R11 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- Server certificate -----BEGIN CERTIFICATE----- MIIFqzCCBJOgAwIBAgISAzbLbHptztaG/KaK0iWgDkKbMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTEwHhcNMjQwOTA0MTYwMzQ2WhcNMjQxMjAzMTYwMzQ1WjAnMSUwIwYDVQQD ExxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAtbnftpdu9JD8WYvwe4Skg9BZw5x+sluM9Ol6HkOAXqLn cHBhfaSIEiqUqpawO1pMJ1PZA0MxEzVXLM3AV5IwPydiTuI8NbNl/4uGuHOkq4p1 XO3xAzxV2J0hUxklgkuJqgb5wGIFhfTV4ka5898Bzu9rneDfHAIeodNf6HEt5QyL 5ZVN8fDveceaLfHxsViE+pD8y7FYU0EIMazeapPIXc99Q8nyNLVzp7vcWvZh+baB gS2/0vFLGNJ4J6Lreah6ySU5QMvtdmXoHXzFGwY8A6CQd62MU8CaP8elNe00Krev sCGeqNdDeakaqMPvpCkv2Ggi/Ao/Wh7zNPmgTkI0UQIDAQABo4ICwzCCAr8wDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV HRMBAf8EAjAAMB0GA1UdDgQWBBRxtksJdzedHKtsGWxqTnoN0wDpjDAfBgNVHSME GDAWgBTFz0ak6vTDwHpslcQtsF6SLybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYB BQUHMAGGFmh0dHA6Ly9yMTEuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6 Ly9yMTEuaS5sZW5jci5vcmcvMIHJBgNVHREEgcEwgb6CHmFjbWUtdjAyLTEuYXBp LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItMi5hcGkubGV0c2VuY3J5cHQub3Jn gh5hY21lLXYwMi0zLmFwaS5sZXRzZW5jcnlwdC5vcmeCHmFjbWUtdjAyLTQuYXBp LmxldHNlbmNyeXB0Lm9yZ4IeYWNtZS12MDItNS5hcGkubGV0c2VuY3J5cHQub3Jn ghxhY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnMBMGA1UdIAQMMAowCAYGZ4EM AQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcASLDja9qmRzQP5WoC+p0w6xxS ActW3SyB2bu/qznYhHMAAAGRvfyjugAABAMASDBGAiEA8IlocIIjHpcIYKabAHEo 7PldX7gVCOmtayjurL+SrJ0CIQDoF450aWb7u3+41m7oaxfB+Qek9yqTNRmpGuPZ je+w1wB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABkb38pAUA AAQDAEYwRAIgTTa0VFwFqiSJzSM0tb+fOK/+dD8Q9fVnp0ytZ21+xpUCIEFulOV5 k/qyNpsCC95A/Z+enC1YtBoQPKUEKpUefbTyMA0GCSqGSIb3DQEBCwUAA4IBAQAx lPolskFGAkPxX94CrwfBDfgCOKib7eni3n1oIBLQk2pYr7MvctJE6a92skMzOaFv Uqrai3TaLD6r1oMaGgLcqw4ZEnM512UqGOzSt7rGPRShKhsmCIGQgcpohRU7BeAZ NHbarDP4O/LeSi+bOWPFOCA02z06qBcCy3Rg65Mjtrf1Z3iLXNskbYb3pAIoUNUS /6GO7vQJvtZZL3XxS1/Cm2hPcR+Ixoxw7gRWmvislAqgQNioXQ8gePNExXA9wtsQ zGpSviQCBRXgjnPSEEDASvFlTsJ8oYK/otutvdkx0PxCav6Hds0XwdUnkqDWLOH6 22hZ1Nex6LlgY8sX88Gl -----END CERTIFICATE----- subject=CN = acme-v02.api.letsencrypt.org issuer=C = US, O = Let's Encrypt, CN = R11 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3310 bytes and written 412 bytes Verification error: unable to get local issuer certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 20 (unable to get local issuer certificate) --- bad select 22 > The internet thinks you may have stale certificates in your local cache. > You can try > > yum update p11-kit-trust i get Pacchetto p11-kit-trust disponibile, ma non installato p11-kit-trust package available, but not installed should i install it? thanks massimo