On Sun, 11 Aug 2024 09:57:31 +0200,
Peter Philipp <[email protected]> wrote:
>
> openssl s_client returns this:
> ----
> Verify return code: 20 (unable to get local issuer certificate)
> ----
>
> based on these two command which the first one fails hard:
>
> 34 ftp
> https://download.delphinusdns.org/pub/delphinusdnsd/snapshot/INSTALL/goldflipper11.png
> 35 openssl s_client -connect download.delphinusdns.org:443
>
> how do I debug this? If anyone can hold my hand a little bit here, I would
> appreciate it. I have added TLSA DNS entries for all the port 443's on my
> DNS!
>
I see that you're using a ceritficate which was issued by Let's Encryption,
and I asee that certificate which is sent from your server hasn't got full
chain:
Certificate chain
0 s:/CN=download.delphinusdns.org
i:/C=US/O=Let's Encrypt/CN=R10
I think that distributing the whole chain should fix that issue.
--
wbr, Kirill
