> It is not chrooted but running in an unprivileged LXC container, though
> that should not make a difference for Unbound writing its log inside the
> container, or should it perhaps?
Have tried the below variations and each is met with the same outcome ->
error: Could not open logfile
08.06.2018 15:30, ѽ҉ᶬḳ℠ via Unbound-users пишет:
>> Yess, exactly. CA bundle(s) relatively often updates, so keep it
>> calm and bwaaah ;)
>>
> Just bi-monthly ought to be ok I reckon. Mozilla seems to be aware of
> some folks curling it by the hour
>
Sure. I'm do check no more than
> Yess, exactly. CA bundle(s) relatively often updates, so keep it
> calm and bwaaah ;)
>
Just bi-monthly ought to be ok I reckon. Mozilla seems to be aware of
some folks curling it by the hour
08.06.2018 15:14, ѽ҉ᶬḳ℠ via Unbound-users пишет:
>> Or you can simple add shell script in cron, which will update CA bundle
>> from Mozilla.
>>
> Indeed, that seems more elegant and keeps the bundle fresh.
>
Yess, exactly. CA bundle(s) relatively often updates, so keep it
calm and
> Or you can simple add shell script in cron, which will update CA bundle
> from Mozilla.
>
Indeed, that seems more elegant and keeps the bundle fresh.
Or you can simple add shell script in cron, which will update CA bundle
from Mozilla.
08.06.2018 13:58, ѽ҉ᶬḳ℠ via Unbound-users пишет:
>> No, it wants them in one file. I think you can create the file easily
>> with cat /etc/ssl/certs/* > cert-bundle.pem
>>
> Thank you! That worked and sorted
Hi,
On 08/06/18 09:39, ѽ҉ᶬḳ℠ via Unbound-users wrote:
> For some reason the OpenWRT repo does not seem to provide a single
> tls-cert-bundle file but rather rather a collection of single root
> certificates from different providers located in /etc/ssl/certs.
>
> Does Unbound require a single
For some reason the OpenWRT repo does not seem to provide a single
tls-cert-bundle file but rather rather a collection of single root
certificates from different providers located in /etc/ssl/certs.
Does Unbound require a single bundle file or can it utilize those single
root certificates by just
> Is unbound chrooted? If so, that would probably prevent it to access
> to the /var/log directory. Look for the 'chroot' configuration option
> in your unbound.conf file.
It is not chrooted but running in an unprivileged LXC container, though
that should not make a difference for Unbound
