On Wed, 6 Jan 2021 at 15:30, Stephen John Smoogen smooge@gmail.com wrote:
On Wed, 6 Jan 2021 at 14:40, Leon Fauster via CentOS-devel <centos-devel@centos.org> wrote:
On a C8 station:
LANG=C curl -I https://koji.mbox.centos.org
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
this worked a couple of days ago. Any hints?
works for me
[smooge@xanadu ~]$ rpm -qa | grep openssl
openssl-1.1.1g-11.el8.x86_64
apr-util-openssl-1.6.1-6.el8.x86_64
openssl-pkcs11-0.4.10-2.el8.x86_64
openssl-libs-1.1.1g-11.el8.x86_64
[smooge@xanadu ~]$ uname -a
Linux xanadu.int.smoogespace.com 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[smooge@xanadu ~]$ LANG=C curl -I https://koji.mbox.centos.org
HTTP/1.1 302 Found
Date: Wed, 06 Jan 2021 20:30:08 GMT
Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
Location: https://koji.mbox.centos.org/koji/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Added some -v to see if that might give some clues to why it is working for me. Let's Encrypt recently upgraded their middle keys so the older one might be cached/installed somewhere?
[smooge@xanadu ~]$ LANG=C curl -vvv -I https://koji.mbox.centos.org
* Rebuilt URL to: https://koji.mbox.centos.org/
* Trying 8.43.84.206...
* TCP_NODELAY set
* Connected to koji.mbox.centos.org (8.43.84.206) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=koji.mbox.centos.org
* start date: Jan 4 06:56:29 2021 GMT
* expire date: Apr 4 06:56:29 2021 GMT
* subjectAltName: host "koji.mbox.centos.org" matched cert's "koji.mbox.centos.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
HEAD / HTTP/1.1
Host: koji.mbox.centos.org
User-Agent: curl/7.61.1
Accept: */*
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Wed, 06 Jan 2021 20:31:21 GMT
Date: Wed, 06 Jan 2021 20:31:21 GMT
< Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
< Location: https://koji.mbox.centos.org/koji/
Location: https://koji.mbox.centos.org/koji/
< Connection: close
Connection: close
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
-- Leon
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
-- Stephen J Smoogen.
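
Added example, not written by anyone in this thread: a local reproduction of the "unable to get local issuer certificate" error from the first message, showing that a leaf issued by an intermediate CA verifies only when that intermediate reaches the client. It assumes the `openssl` command-line tool is installed; the function names, subject names and temporary directory are constructed for the demo and say nothing about what was actually wrong on the reporting host.

```sh
#!/bin/sh
# Added example: every key and certificate here is a throwaway, constructed locally.

# make_chain DIR: build root -> intermediate -> leaf in DIR.
make_chain() {
  d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: stands in for the CA the client already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/x.cnf" \
    -extensions ca -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate and leaf: a CSR each, signed by the tier above.
  sign "$d" int  "Demo Intermediate" root ca   || return 1
  sign "$d" leaf "Demo Leaf"         int  leaf || return 1
}

# sign DIR NAME CN ISSUER EXTSECTION: issue NAME.pem from ISSUER's key.
sign() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/x.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial 2 -days 2 -extfile "$1/x.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

# verify_leaf DIR [INTERMEDIATE]: trust only the root; optionally supply the
# intermediate the way a correctly configured server would send it.
verify_leaf() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
  fi
}

work=$(mktemp -d) && make_chain "$work"
verify_leaf "$work"                   # no intermediate: verification fails
verify_leaf "$work" "$work/int.pem"   # intermediate supplied: leaf.pem: OK
rm -rf "$work"
```

Against a live host, `openssl s_client -connect HOST:443 -showcerts` lists the certificates the server actually sends, which can be compared with the issuer shown in the `curl -v` output above.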