[Eisfair] Lets Encrypt CAs
Stefan Heidrich
stefan-in-news at web.de
So Sep 19 08:55:30 CEST 2021
Hallo Marcus,
> Dankeschön. Gestern noch upgedatet und alte Zertifikate verschonen.
> Jetzt passt es wieder.
zu früh geschrien. Mein eigenes Lets Encrypt Zertifikat meckert jetzt rum:
*
↑
| certificate : apache.pem (13c323b6)
▮
| subject : CN = www.fam-heidrich.net
▒
| issuer : C = US O = Lets Encrypt CN = R3
▒
| MD5 f-print : D7:D6:18:35:49:D1:BA:1C:3F:62:24:4F:39:71:47:2E
▒
| SHA1 f-print:
2B:15:FB:46:47:15:54:0E:3D:A4:1F:04:F7:16:BD:05:87:67:DD:6B
▒
|
▒
+->| certificate : r3.pem (8d33f237)
▒
| subject : C = US O = Lets Encrypt CN = R3
▒
| issuer : C = US O = Internet Security Research Group CN =
ISRG Root X1 ▒
| MD5 f-print : E8:29:E6:5D:7C:43:07:D6:FB:C1:3C:17:9E:03:7A:36
▒
| SHA1 f-print:
A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05
▒
|
▒
+->| certificate : isrg_root_x1.pem (4042bcee)
▒
| subject : C = US O = Internet Security Research Group CN =
ISRG Root X1 ▒
| issuer : O = Digital Signature Trust Co. CN = DST Root CA
X3 ▒
| MD5 f-print : C1:E1:FF:07:F9:F6:88:49:82:74:D1:A1:80:53:EA:BF
▒
| SHA1 f-print:
93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF
|
▒
+->| certificate : 2e5ac55d.0 (E)
▒
| subject :
▒
| issuer :
▒
| MD5 f-print :
▒
| SHA1 f-print:
▒
| valid until : 19.09.2021 00:00:00 - CERTIFICATE NEEDS AN
IMMEDIATE UPDATE! ▒
|
▒
+-> Error: file '/usr/local/ssl/certs/2e5ac55d.0' missing!
▒
▒
checking certificate chain:
▒
* OCSP Response verify OK (online)
▒
apache.pem: good
▒
This Update: Sep 19 06:00:00 2021 GMT
▒
Next Update: Sep 26 06:00:00 2021 GMT
Und in Fetchmail sieht das so aus:
fetchmail: Server certificate verification error: unable to get issuer
certificate
fetchmail: Broken certification chain at: /O=Digital Signature Trust
Co./CN=DST Root CA X3
fetchmail: This could mean that the server did not provide the
intermediate CA's certificate(s), which is nothing fetchmail could do
anything about. For details, please see the README.SSL-SERVER document
that ships with fetchmail.
fetchmail: This could mean that the root CA's signing certificate is not
in the trusted CA certificate location, or that c_rehash needs to be run
on the certificate directory. For details, please see the documentation
of --sslcertpath and --sslcertfile in the manual page. See README.SSL
for details.
fetchmail: OpenSSL reported: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Wie komme ich denn jetzt an das fehlende Zertifikat in der Kette?
Viele Grüße
Stefan
Mehr Informationen über die Mailingliste Eisfair