On 29.07.21 at 18:16, Andrew Gallagher wrote:
> On 29/07/2021 08:41, Rainer Fiebig via Gnupg-users wrote:
>> On 28.07.21 at 21:38, Ingo Klöcker wrote:
>>> On Wednesday, 28 July 2021 18:38:07 CEST Rainer Fiebig via Gnupg-users wrote:
>>>
>>> Does 'gpg --keyserver hkps://pgpkeys.eu --search-keys ...' work for you?
>>>
>> No, same output as reported initially.
>
> The common problem is the LetsEncrypt R3 certificate.
>
>> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
>> * ALPN, server accepted to use http/1.1
>> * Server certificate:
>> * subject: CN=keys.openpgp.org
>> * start date: Jul 26 04:32:08 2021 GMT
>> * expire date: Oct 24 04:32:06 2021 GMT
>> * subjectAltName: host "keys.openpgp.org" matched cert's "keys.openpgp.org"
>> * issuer: C=US; O=Let's Encrypt; CN=R3
>> * SSL certificate verify ok.
> ...
>> Looks OK to me. The Let's Encrypt certificate is recognized and
>> verified. Or what do you think?
>
> I think it looks like dirmngr isn't using the same set of CAs that curl
> is using.
>
> The missing root certificate is:
>
>> 2021-07-28 16:06:50 dirmngr[4135.6] issuer certificate: #/CN=DST Root CA X3,O=Digital Signature Trust Co.
>
> Can you confirm that /etc/ssl/certs/DST_Root_CA_X3.pem exists on your
> machine and has the following checksum?
>
> ```
> andrewg@whippet:~$ sha256sum /etc/ssl/certs/DST_Root_CA_X3.pem
> 139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99  /etc/ssl/certs/DST_Root_CA_X3.pem
> ```
>

Thanks. File exists but has a different checksum:

/etc/ssl/certs> sha256sum DST_Root_CA_X3.pem
4b3ecda4db3f417f23f5dfa84eb4d59d6cc2959446ebaf89c7df5866d31e9980  DST_Root_CA_X3.pem

> Also, is your system clock correct? (long shot, but always worth asking
> when debugging TLS cert issues)
>

System clock is OK. No problem asking - I'm happy for every clue I can get in this matter. ;)
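
The checksum comparison in the message above, as an added example that is not part of the original thread: `sha256sum` hashes every byte of the PEM file, so two files holding the same certificate can still produce different checksums when line wrapping, line endings or leading text differ. This Python sketch compares the SHA-256 of the decoded DER instead; the sample data is constructed placeholder bytes rather than a real certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def file_sha256(data: bytes) -> str:
    """What `sha256sum file.pem` reports: a hash over every byte of the file."""
    return hashlib.sha256(data).hexdigest()

def der_fingerprints(data: bytes) -> list[str]:
    """SHA-256 over the decoded DER of each certificate block in a PEM file."""
    text = data.decode("ascii", errors="replace")
    prints = []
    for body in PEM_BLOCK.findall(text):
        # Drop all whitespace (LF, CRLF, indentation) before decoding.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def same_certificates(a: bytes, b: bytes) -> bool:
    """True only if both files hold at least one block and the DER hashes match."""
    fa, fb = der_fingerprints(a), der_fingerprints(b)
    return bool(fa) and fa == fb

# Constructed sample: placeholder bytes standing in for DER, not a real certificate.
_FAKE_DER = bytes(range(256)) * 3

def _pem(der: bytes, width: int, newline: str, preamble: str = "") -> bytes:
    """Wrap bytes as a PEM block with a chosen line width and line ending."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return (preamble + "-----BEGIN CERTIFICATE-----" + newline
            + newline.join(lines) + newline
            + "-----END CERTIFICATE-----" + newline).encode()

SAMPLE_A = _pem(_FAKE_DER, 64, "\n")                            # 64-column, LF
SAMPLE_B = _pem(_FAKE_DER, 76, "\r\n", "# constructed note\r\n")  # same bytes, CRLF
SAMPLE_C = _pem(_FAKE_DER[:-1] + b"\x00", 64, "\n")             # one byte changed

if __name__ == "__main__":
    for name, pem in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, "file:", file_sha256(pem)[:16],
              "der:", der_fingerprints(pem)[0][:16])
```

To apply it to real files, read both in binary mode and pass the bytes to `same_certificates`; a mismatch in the DER fingerprints means the certificates themselves differ.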
