subject:"\[strongSwan\] Let's Encrypt CA Expiry \& related StrongSWAN trouble"

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Noel Kuntze

Hi, Have you tried ipsec stroke rereadsecrets? (Btw, better switch to swanctl) Kind regards Noel Am 06.10.21 um 16:54 schrieb Philip Veale: So about a week about, one of the CAs in the chain Let'sEncrypt use (DST Root CA X3) expired. This shouldn't have been a problem for most clients, as it

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Simon Deziel

On 2021-10-06 2:27 p.m., Philip Veale wrote: On Wed, 6 Oct 2021 at 17:24, Simon Deziel wrote: On 2021-10-06 12:22 p.m., Simon Deziel wrote: On 2021-10-06 12:08 p.m., Philip Veale wrote: Oct 6 16:43:55 VPN-Server charon: 00[LIB] opening '/etc/letsencrypt/live/vpn.my-hostname/privkey.pem'

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Philip Veale

On Wed, 6 Oct 2021 at 17:24, Simon Deziel wrote: > On 2021-10-06 12:22 p.m., Simon Deziel wrote: > > On 2021-10-06 12:08 p.m., Philip Veale wrote: > >> Oct 6 16:43:55 VPN-Server charon: 00[LIB] opening > >> '/etc/letsencrypt/live/vpn.my-hostname/privkey.pem' failed: Permission > >> denied >

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Simon Deziel

On 2021-10-06 12:22 p.m., Simon Deziel wrote: On 2021-10-06 12:08 p.m., Philip Veale wrote: I hadn't tried that, but tried, didn't change anything. I noticed things specifically related to StrongSWAN aren't working since the update to Bullseye and swanctl is not a recognised command. StrongSWAN

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Simon Deziel

On 2021-10-06 12:08 p.m., Philip Veale wrote: I hadn't tried that, but tried, didn't change anything. I noticed things specifically related to StrongSWAN aren't working since the update to Bullseye and swanctl is not a recognised command. StrongSWAN is installed via apt, version 5.9.1-1 swanctl

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Philip Veale

I hadn't tried that, but tried, didn't change anything. I noticed things specifically related to StrongSWAN aren't working since the update to Bullseye and swanctl is not a recognised command. StrongSWAN is installed via apt, version 5.9.1-1 swanctl doesn't exist as a command and there is no

[strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

2021-10-06 Thread Philip Veale

So about a week about, one of the CAs in the chain Let'sEncrypt use (DST Root CA X3) expired. This shouldn't have been a problem for most clients, as it was cross signed with a CA that had not expired (ISRG Root X1) which most modern clients and devices should trust, though some older ones may not

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

Re: [strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

[strongSwan] Let's Encrypt CA Expiry & related StrongSWAN trouble

7 matches

Site Navigation

Mail list logo

Footer information