Maybe the original reporter was seeing the same class of problem described: not a missing chrony config file or certificate, but a network/path issue where the NTS key exchange succeeds and the later authenticated NTP traffic over UDP/123 is silently dropped.
That could also explain why this might be under-reported. On typical desktop PCs the hardware RTC/mainboard clock will keep time reasonably well across reboots, so an average user may not immediately notice that the system is not actually synchronized. They may only notice later via TLS/certificate issues, log timestamps, Kerberos, VPNs, or other time- sensitive applications. I am also wondering whether Ubuntu Desktop gives any visible warning in this situation. If chrony is active but cannot reach any usable NTS source, does GNOME/Ubuntu show a notification or any clear indication in Settings? Or is the failure only visible if the user manually checks timedatectl, chronyc tracking, chronyc sources, or the journal? If there is no user-visible warning, then networks which drop or mangle NTS-shaped UDP/123 traffic could affect more users than bug reports suggest. Even if the root cause is outside Ubuntu, it may still be worth improving diagnostics, documentation, or fallback guidance for the default NTS configuration. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2152270 Title: nts-bootstrap-ubuntu.crt missing CN=ubuntu CA cert, NTS sync fails on fresh install To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/2152270/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
