[Blink] Expired certificate for Ubuntu Focal Repository?
Lars Noodén
lars.nooden at gmx.com
Thu Nov 4 17:33:17 CET 2021
> These certificates shouldn't be connected to the Let's encrypt issue in
> any way...
>
> When running update-ca-certificate, did you get the reply "added 1"?
>
> Make sure that this link is available:
> /etc/ssl/certs/lets-encrypt-r3.pem ->
> /usr/local/share/ca-certificates/lets-encrypt-r3.crt
>
> Maybe try after running `update-ca-certificate -f` ("Fresh updates").
>
> Ahhh wait, I also installed the Trustid X3 from here:
> https://letsencrypt.org/certs/trustid-x3-root.pem.txt - Maybe this
> together with the R3 did do the trick?
>
> According to Let's Encrypt this is the actual DST Root CA X3 certificate.
I tried adding that one too,
# update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:trustid-x3-root.pem
but I still get the SSL certificate verification error.
I see a pair of certificates mentioned in the log file, pjsip_trace.txt,
but they are good through 2029-1-24 and 2022-0-17 respectively. The
error in the log looks like this:
[blink 1001] (1) b'2021-11-04 18:28:27.955 ssl0x7fdb80028320
[SSL_set_tlsext_host_name] server_name:sip2sip.info'
[blink 1001] (1) b'2021-11-04 18:28:28.047 ssl_sock_ossl.c [local
TLS certificate] subject:/C=NL/ST=Noord-Holland/L=Haarlem/O=AG
Projects/OU=Blink/CN=Blink/emailAddress=devel at ag-projects.com |
issuer:/C=NL/ST=Noord-Holland/L=Haarlem/O=AG
Projects/OU=Development/CN=AG Projects
Development/emailAddress=devel at ag-projects.com | valid until:2029-1-24'
[blink 1001] (1) b"2021-11-04 18:28:28.047 ssl_sock_ossl.c
[remote TLS certificate] subject:/CN=sip2sip.info | issuer:/C=US/O=Let's
Encrypt/CN=R3 | valid until:2022-0-17 | host:85.17.186.23:50451"
[blink 1001] (4) b'2021-11-04 18:28:28.047 sip_transport.c
Transport tlsc0x7fdb801289a8 shutting down, force=0'
[blink 1001] (3) b'2021-11-04 18:28:28.047 tlsc0x7fdb801289a8 TLS
connect() error: [code=171173] peer: 85.17.186.23: SSL certificate
verification error (PJSIP_TLS_ECERTVERIF)'
[blink 1001] (3) b'2021-11-04 18:28:28.047 tsx0x7fdb800e7bd8 Failed
to send Request msg INVITE/cseq=20872 (tdta0x7fdb800b8558)! err=171173
(SSL certificate verification error (PJSIP_TLS_ECERTVERIF))'
[blink 1001] (5) b'2021-11-04 18:28:28.047 tsx0x7fdb800e7bd8 State
changed from Calling to Terminated, event=TRANSPORT_ERROR'
/Lars
More information about the Blink
mailing list