On 11/2/21 22:28, [email protected] wrote:
Finally solved by installing Let's Encrypt R3 cert manually:
sudo wget --no-check-certificate
https://letsencrypt.org/certs/lets-encrypt-r3.pem -O
/usr/local/share/ca-certificates/lets-encrypt-r3.crt
sudo update-ca-certificates
Thanks. I've now tried that and still get the certificate error.
Digging, I see only four certificates expiring in 2021, two of which are
still good for a while:
$ find /usr/share/ \
-type f \
-name '*.crt' \
-exec sh -c "openssl x509 -text -noout -in {} ||echo {}>&2" \; \
| awk '{$1=$1}
/Not After/ && $7 == 2021 {s=1;print}
s&&$1~/Subject/ {print $0,"\n"; s=0}'
With slight formatting that results in this list:
Not After : Dec 15 08:00:00 2021 GMT
Subject: OU = GlobalSign Root CA - R2, O = GlobalSign,
CN = GlobalSign
Not After : Mar 17 18:33:33 2021 GMT
Subject: C = BM, O = QuoVadis Limited,
OU = Root Certification Authority,
CN = QuoVadis Root Certification Authority
Not After : Dec 15 08:00:00 2021 GMT
Subject: O = "Cybertrust, Inc", CN = Cybertrust Global Root
Not After : Apr 6 07:29:40 2021 GMT
Subject: C = FI, O = Sonera, CN = Sonera Class2 CA
Should I just remove the expired certificates or do they need to be
replaced? Or is there a way to tell from Blink's logs which is the
offending certificate?
/Lars
_______________________________________________
Blink mailing list
[email protected]
https://lists.ag-projects.com/mailman/listinfo/blink
