From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11170612 for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 20:00:19 -0400 Received: from [192.168.200.201] (port=38642 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t4qhW-000000001vV-1RYz for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 20:00:10 -0400 Received: from mta-201b.earthlink-vadesecure.net ([51.81.229.181]:46339 helo=mta-201a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1t4qhK-000000005Ny-0Wln for ecs-isp@2rosenthals.com; Sat, 26 Oct 2024 19:59:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=zmW4fgch05/R8ILAflml1pbk6US2QCBWjrakvT uBcGM=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1729987196; x=1730591996; b=GoulBQLlpvxWCtlxMZN8rqClQda Pd0kw4wXo7h9puZA3/KP9quxhvuExBcGRjFDdp8C5pIEdMFedUkOhQtuYcO9judvKw6ExjI TpoCQCFOaCMalCGXzN5rYbYyVuSNm01h4C71Vc9i5q+vZJ2/tKrQos5zlQzWIiY+LVKt+bu kVX23EsSx457h+Yd02Z+/hhJtOBla+CMI1mplQIcFfEL9CEmVkGMHPwpmS7jVds5bB58sQj WZXGM7VzN/2KQivrTPo4oKvItvRGZa+wKKXtNTgQrasvLRFSHybGt/mPmsnvkSplCuroZLW 3Bn6xUZ5jJWmy24gbT7KMbSyyl/LYjA== Received: from slamain ([172.58.117.14]) by vsel2nmtao01p.internal.vadesecure.com with ngmta id 54734e18-180226306fa99f0b; Sat, 26 Oct 2024 23:59:56 +0000 Message-ID: <671d8ee2.5.mr2ice.fgrirsq@earthlink.net> Date: Sat, 26 Oct 2024 16:52:50 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] uacme 1.2.4 curl issue X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 10/26/24 at 10:59 AM, "Massimo S." said: Hi Massimo, >depth=1 C = US, O = Let's Encrypt, CN = R11 >verify error:num=20:unable to get local issuer certificate >verify return:1 >depth=0 CN = acme-v02.api.letsencrypt.org >verify return:1 >CONNECTED(00000003) >--- >Certificate chain > 0 s:CN = acme-v02.api.letsencrypt.org > i:C = US, O = Let's Encrypt, CN = R11 > 1 s:C = US, O = Let's Encrypt, CN = R11 > i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 --- >Server certificate >subject=CN = acme-v02.api.letsencrypt.org >issuer=C = US, O = Let's Encrypt, CN = R11 >--- >No client certificate CA names sent >Peer signing digest: SHA256 >Peer signature type: RSA-PSS >Server Temp Key: X25519, 253 bits >--- >SSL handshake has read 3310 bytes and written 412 bytes >Verification error: unable to get local issuer certificate As I suspected you have a local conifiguration problem. Testing here reports snip... -----END CERTIFICATE----- subject=CN = acme-v02.api.letsencrypt.org issuer=C = US, O = Let's Encrypt, CN = R10 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3309 bytes and written 412 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) snip... >p11-kit-trust package available, but not installed >should i install it? I cannot see any reason not to. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------