Hi Wouter, Thank you for taking a look at my config file.
Sorry for any confusion. I am running Unbound 1.9.1. That should support the tls-cert-bundle option, correct? I had initially tried my config file with 1.9.2, but at Yuri's suggestion, I downgraded to the latest stable version, 1.9.1. The tls-cert-bundle option did not work with either 1.9.2 or 1.9.1. I am running Unbound compiled from source on a Raspberry Pi (Raspbian Jessie). I now think the problem may be in the OpenSSL version on Raspbian, which only supports TLS 1.2. Thank you for your help. Best, RoC *Wouter Wijngaards* wouter at nlnetlabs.nl <unbound-users%40nlnetlabs.nl?Subject=Re%3A%20TLS%20certificate%20question%20about%20Unbound%201.9.2&In-Reply-To=%3Caf5612a5-9698-4e0e-19d7-722013bcb885%40nlnetlabs.nl%3E> *Thu Apr 4 09:04:46 CEST 2019* Hi, So this config file is fine, the tls-cert-bundle should work find with a version of unbound that supports the options (eg. 1.9.2). Like, for me, it works. I guess you downgraded and are now using an older version that does not support the tls-cert-bundle option, so the unknown keyword error is accurate? Best regards, Wouter On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote: >* Hello, *> >* Thank you for the replies. I believe I have the tls-cert-bundle *>* information correctly indented now. But, I am still getting the same *>* errors as before about unknown keywords and strays. *> >* It is indented like this: *> >* server: *> >* [a few lines omitted] *> >* #Added for DoT *>* tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" *> >* Here is a link to my actual conf file if anyone would be willing to take *>* a look: *>* https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg <https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg> *> >* I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so *>* I'm wondering if that might be this issue. Not sure what version of TLS *>* Unbound 1.9.1 uses (I downgraded). *> >* Thank you for your help. *> >* Best, *> >* RoC*