On 30/09/2021 23:32, Miroslav Lachman wrote:
Certificate verification failed for /O=Digital Signature Trust
Co./CN=DST Root CA X3
34374359624:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify
failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
[...]
Uz me moc nenapada, co jeste zkusit, aby fetch na FreeBSD 11.2 s
ca_root_nss-3.63 byl schopny stahnout soubor z webserveru s aktualnim
Let's Encrypt certifikatem.
Zeptej se a odpovez si sam :)
Pravdepodobne je to tenhle problem se starym OpenSSL 1.0:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816
Last month, we announced that we've developed a way for Let's Encrypt
subscribers to keep supporting older Android devices after our
cross-signature from DST Root CA X3 expires this September.
There is one notable exception: OpenSSL versions 1.0.0 through 1.0.2
will reject the Android-compatible chain, regardless of whether they
have ISRG Root X1 in their trust store.
Takze bych jedine musel na webserveru pouzivat jiny chain a tim
odriznout zarizeni se starym Androidem 7.1.0.
Nebo muzu pro ten konkretni pripad pouzit --no-verify-peer.
Mirek
--
FreeBSD mailing list ([email protected])
http://www.freebsd.cz/listserv/listinfo/users-l