[Blink] [solved] Re: Expired certificate for Ubuntu Focal Repository?

Lars Noodén lars.nooden at gmx.com
Thu Nov 4 20:04:50 CET 2021


On 11/4/21 20:51, g4-lisz at tonarchiv.ch wrote:
> On 04.11.21 19:29, Lars Noodén wrote:
>> On 11/4/21 20:22, g4-lisz at tonarchiv.ch wrote:
>>> ... but you could try this:
>>>
>>>     ~$ env SSL_CERT_DIR=/etc/ssl/certs/ blink
>>
>> Thanks.  The error still persists even with that method.
>>
>>> (start blink from command line using default debian CA cert directory
>>> for openssl)
>> What would the path for that likely be?
>>
> /etc/ssl/certs/ is the default CA directory on Debian...
>
> It seems that Blink does not use external CA directories.
>
> But I found this file: /usr/share/blink/tls/ca.crt
>
> Maybe you can just add the content of
> /usr/local/share/ca-certificates/lets-encrypt-r3.crt to the end of this
> file...
>
> Not sure if you also need some header before the -----BEGIN
> CERTIFICATE----- line...
>
> This would be something like:
>
> # Lets' Encrypt
> # Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
> # Subject: C = US, O = Let's Encrypt, CN = R3
>
> The X3 cert of Let's Encrypt in my /usr/share/blink/tls/ca.crt is
> definitely outdated.
>
> You should probably delete the last smaller block of the two, starting with
>
> -----BEGIN CERTIFICATE-----
> MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
>
> But make a backup of /usr/share/blink/tls/ca.crt first!

Thanks!  I made a back up of ca.crt, removed the last certificate, and
then appended lets-encrypt-r3.crt to the file.  That has gotten rid of
the error.   I can now dial out.

I had previously tried reinstalling Blink so maybe the new certificate
needs to be packaged?

/Lars


More information about the Blink mailing list