Hi,

I've started seeing this error message on my nsd on 7.8/7.9

nsd[16557]: xfrd tls: Unable to set the certificate bundle file /var/nsd/etc/cert-bundle.pem
nsd[1613]: nsd started (NSD 4.14.2), pid 16557

ls -ld /var/nsd/etc/cert-bundle.pem
-rw-r-----  1 root  _nsd  4460 Jun  2 12:28 /var/nsd/etc/cert-bundle.pem

Reading the upstream nsd code I saw that the cert bundle in xfrd-tcp.c is 
loaded after chroot.
Changing:
#tls-cert-bundle: /var/nsd/etc/cert-bundle.pem
tls-cert-bundle: /etc/cert-bundle.pem
gives other errors:

nsd[56501]: Error in SSL_CTX verify locations crypto error:02FFF002:system library:func(4095):No such file or directory
nsd[56501]: and additionally crypto error:20FFF080:BIO routines:CRYPTO_internal:no such file
nsd[56501]: and additionally crypto error:0BFFF002:x509 certificate routines:CRYPTO_internal:system lib
nsd[56501]: could not setup server TLS context
nsd[56501]: could not set up tls SSL_CTX

I've pushed something to upstream about this 
(https://github.com/NLnetLabs/nsd/pull/486)
but it puzzles me why the non-chroot path does not work either here.

Can someone that runs nsd check please and report?

Thanks,

G
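
Added example, not part of the original message and not nsd code: a small check that shows how one configured tls-cert-bundle string resolves before and after chroot(), using the two paths tried above. It assumes the same string may be opened in both views (the message only establishes the after-chroot load in xfrd-tcp.c); the function name check_bundle_path and its HOST_ROOT argument are hypothetical.

```sh
#!/bin/sh
# check_bundle_path CHROOT CONFIGURED_PATH [HOST_ROOT]
# (hypothetical helper; HOST_ROOT only exists so the check can run on a
# constructed tree instead of the live filesystem)
# Return code: 0 = readable in both views, 1 = only before chroot(),
#              2 = only after chroot(),    3 = neither.
# Note: -r tests the invoking user, so run it as the daemon user (_nsd in
# the ls output above) to get a meaningful answer.
check_bundle_path() {
    chroot_dir=${1%/}
    conf_path=$2
    host_root=${3:-}
    pre=no
    post=no
    # Before chroot(): the configured string is used as written.
    if [ -r "$host_root$conf_path" ]; then pre=yes; fi
    # After chroot(): "/" is the chroot directory, so the same string
    # names $chroot_dir$conf_path on the host.
    if [ -r "$host_root$chroot_dir$conf_path" ]; then post=yes; fi
    echo "$conf_path: before-chroot=$pre after-chroot=$post"
    case "$pre$post" in
        yesyes) return 0 ;;
        yesno)  return 1 ;;
        noyes)  return 2 ;;
        *)      return 3 ;;
    esac
}

# Constructed demo tree mirroring the two paths tried in the message.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/nsd/etc"
: > "$demo_root/var/nsd/etc/cert-bundle.pem"
check_bundle_path /var/nsd /var/nsd/etc/cert-bundle.pem "$demo_root" || true
check_bundle_path /var/nsd /etc/cert-bundle.pem "$demo_root" || true
rm -rf "$demo_root"
```

On a live system, omit the third argument and pass the chroot directory and the exact string from nsd.conf.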
