On Wed, 6 Jan 2021 at 15:30, Stephen John Smoogen <smooge at gmail.com> wrote: > > > On Wed, 6 Jan 2021 at 14:40, Leon Fauster via CentOS-devel < > centos-devel at centos.org> wrote: > >> On a C8 station: >> >> LANG=C curl -I https://koji.mbox.centos.org >> curl: (60) SSL certificate problem: unable to get local issuer certificate >> More details here: https://curl.haxx.se/docs/sslcerts.html >> >> this worked a couple of days ago. Any hints? >> >> > works for me > > [smooge at xanadu ~]$ rpm -qa | grep openssl > openssl-1.1.1g-11.el8.x86_64 > apr-util-openssl-1.6.1-6.el8.x86_64 > openssl-pkcs11-0.4.10-2.el8.x86_64 > openssl-libs-1.1.1g-11.el8.x86_64 > [smooge at xanadu ~]$ uname -a > Linux xanadu.int.smoogespace.com 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon > Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux > [smooge at xanadu ~]$ LANG=C curl -I https://koji.mbox.centos.org > HTTP/1.1 302 Found > Date: Wed, 06 Jan 2021 20:30:08 GMT > Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b > Location: https://koji.mbox.centos.org/koji/ > Connection: close > Content-Type: text/html; charset=iso-8859-1 > > Added some -v to see if that might give some clues to why it is working for me. Letsencrypt recently upgraded their middle keys so the older one might be cached/installed somewhere? [smooge at xanadu ~]$ LANG=C curl -vvv -I https://koji.mbox.centos.org * Rebuilt URL to: https://koji.mbox.centos.org/ * Trying 8.43.84.206... * TCP_NODELAY set * Connected to koji.mbox.centos.org (8.43.84.206) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=koji.mbox.centos.org * start date: Jan 4 06:56:29 2021 GMT * expire date: Apr 4 06:56:29 2021 GMT * subjectAltName: host "koji.mbox.centos.org" matched cert's " koji.mbox.centos.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > Host: koji.mbox.centos.org > User-Agent: curl/7.61.1 > Accept: */* > < HTTP/1.1 302 Found HTTP/1.1 302 Found < Date: Wed, 06 Jan 2021 20:31:21 GMT Date: Wed, 06 Jan 2021 20:31:21 GMT < Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b < Location: https://koji.mbox.centos.org/koji/ Location: https://koji.mbox.centos.org/koji/ < Connection: close Connection: close < Content-Type: text/html; charset=iso-8859-1 Content-Type: text/html; charset=iso-8859-1 < * Closing connection 0 * TLSv1.2 (OUT), TLS alert, close notify (256): > > > >> -- >> Leon >> >> _______________________________________________ >> CentOS-devel mailing list >> CentOS-devel at centos.org >> https://lists.centos.org/mailman/listinfo/centos-devel >> > > > -- > Stephen J Smoogen. > > -- Stephen J Smoogen. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20210106/cd7b3e38/attachment-0005.html>