Thanks to all the great information on this thread, I was able to finally resolve my certificate issue with mysb.com and get back up and running with full access to Tidal and Radio Paradise FLAC streams. First of all, here is a short and sweet summary of the problem from the openssl blog:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire

Since I am running Jessie on my RPi (don't judge me), I could not install openssl v1.1+, which would have taken care of the problem automatically. A complete apt upgrade, update, and install still left me with:

Code:
--------------------
pi@max2play:~ $ openssl version
OpenSSL 1.0.1t 3 May 2016
--------------------

At that point, I considered upgrading in place to Stretch, but decided to first try every possible alternative. Using cpan (for the first time), I was able to upgrade IO::Socket::SSL from 2.002 (!) to 2.072 and Net::SSLeay from (1.58?) to 1.90. After rebooting, I still had the certificate error.

At that point, I luckily saw Bernard's post about using 'dpkg-reconfigure ca-certificates', which I had never heard of. After struggling with the user interface on my Windows telnet session, I was able to use it to remove the offending expired 'DST Root CA X3' certificate from the trust store and also verify that the 'ISRG Root X1' certificate was present and unexpired (exp: 2035!). A quick test using 'openssl s_client' was promising:

Code:
--------------------
pi@max2play:~ $ openssl s_client -connect www.mysqueezebox.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.squeezenetwork.com
verify return:1
---
Certificate chain
 0 s:/CN=www.squeezenetwork.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
.
.
.
Start Time: 1633366296
Timeout   : 300 (sec)
Verify return code: 0 (ok)
---
closed
--------------------

And now it is all good (at least until 2035). :)

I have one question for @Vegz78: Your post implies that you are running Jessie on your LMS machine. Did you have to remove the 'DST Root CA X3' certificate? If not, what version of openssl are you running ($openssl version)? Just curious.

Thanks again to all who posted on this thread. Three days without Tidal streaming seemed like a lifetime...

Sam

------------------------------------------------------------------------
SamY's Profile: http://forums.slimdevices.com/member.php?userid=63495
View this thread: http://forums.slimdevices.com/showthread.php?t=115185
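The check made by eye on the `openssl s_client` output in the post above can be scripted. This is an added example, not part of the original post: the function name `chain_report` is hypothetical, the second sample is constructed, and the parsing assumes the OpenSSL 1.0.x output layout quoted in the post.

```sh
# Added example: summarise `openssl s_client` output read from stdin.
# Prints: anchor=<CN> cross_signed=<yes|no> verify=<code>
# Returns 0 only when verification succeeded and the chain anchored at ISRG Root X1.
chain_report() {
    awk '
        # "depth=N ..., CN = name": the highest depth is the certificate where
        # path building stopped, i.e. the trust anchor the client used.
        /^depth=[0-9]+ / {
            d = $1; sub(/^depth=/, "", d)
            cn = $0; sub(/^.*CN = /, "", cn)
            if (d + 0 >= maxd) { maxd = d + 0; anchor = cn }
        }
        # Issuer line in the served chain naming the expired cross-sign root.
        /^ *i:.*CN=DST Root CA X3/ { cross = "yes" }
        # Fields: Verify return code: 0 (ok)
        /Verify return code:/ { code = $4 }
        END {
            if (cross == "") cross = "no"
            if (code == "") code = "missing"
            printf "anchor=%s cross_signed=%s verify=%s\n", anchor, cross, code
            exit !(code == "0" && anchor == "ISRG Root X1")
        }'
}

# Sample 1: the relevant lines of the output quoted in the post (after the fix).
sample_after_fix() { cat <<'EOF'
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.squeezenetwork.com
verify return:1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
Verify return code: 0 (ok)
EOF
}

# Sample 2: constructed (not from the post), the expired root still in the store.
sample_before_fix() { cat <<'EOF'
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
verify return:0
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
Verify return code: 10 (certificate has expired)
EOF
}
sample_after_fix | chain_report
sample_before_fix | chain_report || echo "chain still anchors at the expired root"
```

Against a live host, the same function can be fed with `openssl s_client -connect HOST:443 </dev/null 2>&1 | chain_report`. `cross_signed=yes` together with `anchor=ISRG Root X1` matches the post: the server still sends the cross-signed certificate, but the client stops at its own trusted copy of ISRG Root X1.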
