| De: |
"Steven Levine" <ecs-isp@2rosenthals.com> |
En-têtes complèts
Message brut |
| Sujet: |
Re: [eCS-ISP] uacme 1.2.4 curl issue |
| Date: |
Sat, 26 Oct 2024 16:52:50 -0800 |
| À: |
"eCS ISP Mailing List" <ecs-isp@2rosenthals.com> |
|
|---|
In <list-11170016@2rosenthals.com>, on 10/26/24
at 10:59 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
Hi Massimo,
>depth=1 C = US, O = Let's Encrypt, CN = R11
>verify error:num=20:unable to get local issuer certificate
>verify return:1
>depth=0 CN = acme-v02.api.letsencrypt.org
>verify return:1
>CONNECTED(00000003)
>---
>Certificate chain
> 0 s:CN = acme-v02.api.letsencrypt.org
> i:C = US, O = Let's Encrypt, CN = R11
> 1 s:C = US, O = Let's Encrypt, CN = R11
> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 ---
>Server certificate
>subject=CN = acme-v02.api.letsencrypt.org
>issuer=C = US, O = Let's Encrypt, CN = R11
>---
>No client certificate CA names sent
>Peer signing digest: SHA256
>Peer signature type: RSA-PSS
>Server Temp Key: X25519, 253 bits
>---
>SSL handshake has read 3310 bytes and written 412 bytes
>Verification error: unable to get local issuer certificate
As I suspected you have a local conifiguration problem. Testing here
reports
snip...
-----END CERTIFICATE-----
subject=CN = acme-v02.api.letsencrypt.org
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3309 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
snip...
>p11-kit-trust package available, but not installed
>should i install it?
I cannot see any reason not to.
Steven
--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net> Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
|