On 11/4/21 20:51, [email protected] wrote:
On 04.11.21 19:29, Lars Noodén wrote:
On 11/4/21 20:22, [email protected] wrote:
... but you could try this:
~$ env SSL_CERT_DIR=/etc/ssl/certs/ blink
Thanks. The error still persists even with that method.
(start blink from command line using default debian CA cert directory
for openssl)
What would the path for that likely be?
/etc/ssl/certs/ is the default CA directory on Debian...
It seems that Blink does not use external CA directories.
But I found this file: /usr/share/blink/tls/ca.crt
Maybe you can just add the content of
/usr/local/share/ca-certificates/lets-encrypt-r3.crt to the end of this
file...
Not sure if you also need some header before the -----BEGIN
CERTIFICATE----- line...
This would be something like:
# Lets' Encrypt
# Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
# Subject: C = US, O = Let's Encrypt, CN = R3
The X3 cert of Let's Encrypt in my /usr/share/blink/tls/ca.crt is
definitely outdated.
You should probably delete the last smaller block of the two, starting with
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
But make a backup of /usr/share/blink/tls/ca.crt first!
Thanks! I made a back up of ca.crt, removed the last certificate, and
then appended lets-encrypt-r3.crt to the file. That has gotten rid of
the error. I can now dial out.
I had previously tried reinstalling Blink so maybe the new certificate
needs to be packaged?
/Lars
_______________________________________________
Blink mailing list
[email protected]
https://lists.ag-projects.com/mailman/listinfo/blink
