Can't connect to acme-v02.api.letsencrypt.org

You may want to do one more test. Swap the IP addresses of the original and the cloned system. Then check if the problem is moving with the IP, or not.

6 Likes

Thanks for the advice @bruncsak :slight_smile:

Unfortunately I think I can't put the original IP in the cloned server to test if there it doesn't work, as I can only swap floating ips, and that ip is not one.

However, I've assigned a floating ip to the original server and if I force curl to use that interface, it is working correctly :open_mouth: So it seems to be something at network level with that ip :confounded:

4 Likes

Is outbound HTTPS working in general for other hosts? What does curl -v https://letsencrypt.org/ give?

5 Likes

Yep, for other hosts it's working without any problems, for example for letsencrypt.org:

*   Trying 18.159.128.50:443...
* TCP_NODELAY set
* Connected to letsencrypt.org (18.159.128.50) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=lencr.org
*  start date: Oct 10 03:00:44 2021 GMT
*  expire date: Jan  8 03:00:43 2022 GMT
*  subjectAltName: host "letsencrypt.org" matched cert's "letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5630cee73860)
> GET / HTTP/2
> Host: letsencrypt.org
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
< HTTP/2 200 
< cache-control: public, max-age=0, must-revalidate
< content-security-policy: default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ;
< content-type: text/html; charset=UTF-8
< date: Tue, 30 Nov 2021 23:02:58 GMT
< etag: "2510200eef2605575b5f53da49fcb4fa-ssl"
< permissions-policy: geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(), fullscreen=(self), interest-cohort=()
< referrer-policy: no-referrer
< strict-transport-security: max-age=31536000
< x-xss-protection: 1; mode=block
< age: 60106
< server: Netlify
< x-nf-request-id: 01FNVAPS8CBKQR6CMQZHXMCS45
< content-length: 34074
< x-content-type-options: nosniff
< x-frame-options: DENY
< 
and here goes the html content...
4 Likes

Is the error immediate, or delayed (like time-out)?

4 Likes

7 posts were split to a new topic: Unable to validate certificate

Hello @bruncsak ! The error is immediate

2 Likes

Can you try this path? This is the starting point.

https://acme-v02.api.letsencrypt.org/directory

You should see this:

|||
|---|---|
|D32_oKU6bYU|https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417|
|keyChange|https://acme-v02.api.letsencrypt.org/acme/key-change|
|meta||
|caaIdentities||
|0|letsencrypt.org|
|termsOfService|https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf|
|website|https://letsencrypt.org|
|newAccount|https://acme-v02.api.letsencrypt.org/acme/new-acct|
|newNonce|https://acme-v02.api.letsencrypt.org/acme/new-nonce|
|newOrder|https://acme-v02.api.letsencrypt.org/acme/new-order|
|revokeCert|https://acme-v02.api.letsencrypt.org/acme/revoke-cert|
6 Likes

Hello @JimPas ! I get the same error :cry:

> curl -v https://acme-v02.api.letsencrypt.org/directory
*   Trying 172.65.32.248:443...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 
2 Likes

Please show:
ls -ltr /etc/ssl/certs/

6 Likes

@CBImag This is probably not useful but does this work?

With your curl version (any 7.54.0 or later):
curl -v --tls-max 1.2 https://acme-v02.api.letsencrypt.org/directory

If you try a system with an earlier curl version
curl -v --tlsv1.2 https://acme-v02.api.letsencrypt.org/directory

NOTE: Current LE server service disruption may result in http error 503. So wait until that resolves or ignore that as it would show connect or not before the 503.

7 Likes

It has been down for a bit now. I believe the issue is with the service disruption. I am unable to create a cert right now either:

$ curl -v --tls-max 1.2 https://acme-v02.api.letsencrypt.org/directory

  • Trying 172.65.32.248:443...
  • TCP_NODELAY set
  • Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=acme-v02.api.letsencrypt.org
  • start date: Nov 29 10:15:07 2021 GMT
  • expire date: Feb 27 10:15:06 2022 GMT
  • subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
  • issuer: C=US; O=Let's Encrypt; CN=R3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x7ffff6919c50)

GET /directory HTTP/2
Host: acme-v02.api.letsencrypt.org
user-agent: curl/7.68.0
accept: /

  • Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
    < HTTP/2 503
    < server: nginx
    < date: Thu, 02 Dec 2021 20:14:10 GMT
    < content-type: application/problem+json
    < content-length: 178
    < etag: "611d36ef-b2"
    <
    {
    "type": "urn:acme:error:serverInternal",
    "detail": "The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details."
    }
  • Connection #0 to host acme-v02.api.letsencrypt.org left intact
3 Likes

@jmillpps You're correct, your error is due to the service disruption and is a different issue than the issue described in this thread.

5 Likes

Hello! Thank you all for helping me :relaxed:

@rg305 here is the output

> ls -ltr /etc/ssl/certs/
total 572
lrwxrwxrwx 1 root root     48 May 14  2020  ACCVRAIZ1.pem -> /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
lrwxrwxrwx 1 root root     55 May 14  2020  AC_RAIZ_FNMT-RCM.pem -> /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root root     69 May 14  2020  Actalis_Authentication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root root     61 May 14  2020  AffirmTrust_Commercial.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root root     61 May 14  2020  AffirmTrust_Networking.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root root     58 May 14  2020  AffirmTrust_Premium.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root root     62 May 14  2020  AffirmTrust_Premium_ECC.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root root     55 May 14  2020  Amazon_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root root     55 May 14  2020  Amazon_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root root     55 May 14  2020  Amazon_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root root     55 May 14  2020  Amazon_Root_CA_4.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root root     60 May 14  2020  Atos_TrustedRoot_2011.pem -> /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root root     96 May 14  2020  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem -> /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root root     64 May 14  2020  Baltimore_CyberTrust_Root.pem -> /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root root     62 May 14  2020  Buypass_Class_2_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     62 May 14  2020  Buypass_Class_3_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root root     55 May 14  2020  CA_Disig_Root_R2.pem -> /usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root root     51 May 14  2020  CFCA_EV_ROOT.pem -> /usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root root     69 May 14  2020  COMODO_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 May 14  2020  COMODO_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 May 14  2020  COMODO_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     47 May 14  2020  Certigna.pem -> /usr/share/ca-certificates/mozilla/Certigna.crt
lrwxrwxrwx 1 root root     64 May 14  2020  Certum_Trusted_Network_CA.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root root     66 May 14  2020  Certum_Trusted_Network_CA_2.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root root     71 May 14  2020  Chambers_of_Commerce_Root_-_2008.pem -> /usr/share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx 1 root root     63 May 14  2020  Comodo_AAA_Services_root.pem -> /usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root root     61 May 14  2020  Cybertrust_Global_Root.pem -> /usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root root     69 May 14  2020  D-TRUST_Root_Class_3_CA_2_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root root     72 May 14  2020  D-TRUST_Root_Class_3_CA_2_EV_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root root     66 May 14  2020  DigiCert_Assured_ID_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root     66 May 14  2020  DigiCert_Assured_ID_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root     66 May 14  2020  DigiCert_Assured_ID_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root     62 May 14  2020  DigiCert_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root     62 May 14  2020  DigiCert_Global_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root     62 May 14  2020  DigiCert_Global_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root     73 May 14  2020  DigiCert_High_Assurance_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root     63 May 14  2020  DigiCert_Trusted_Root_G4.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root     70 May 14  2020  E-Tugra_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root root     45 May 14  2020  EC-ACC.pem -> /usr/share/ca-certificates/mozilla/EC-ACC.crt
lrwxrwxrwx 1 root root     80 May 14  2020  Entrust.net_Premium_2048_Secure_Server_CA.pem -> /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root root     75 May 14  2020  Entrust_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     81 May 14  2020  Entrust_Root_Certification_Authority_-_EC1.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root root     80 May 14  2020  Entrust_Root_Certification_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 May 14  2020  GDCA_TrustAUTH_R5_ROOT.pem -> /usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root root     84 May 14  2020  GeoTrust_Primary_Certification_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     66 May 14  2020  GlobalSign_ECC_Root_CA_-_R4.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root root     66 May 14  2020  GlobalSign_ECC_Root_CA_-_R5.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root root     57 May 14  2020  GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root     62 May 14  2020  GlobalSign_Root_CA_-_R2.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root root     62 May 14  2020  GlobalSign_Root_CA_-_R3.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root root     62 May 14  2020  GlobalSign_Root_CA_-_R6.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root root     69 May 14  2020  Global_Chambersign_Root_-_2008.pem -> /usr/share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx 1 root root     58 May 14  2020  Go_Daddy_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root root     79 May 14  2020  Go_Daddy_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     98 May 14  2020  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root root     94 May 14  2020  Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root root     94 May 14  2020  Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root root     62 May 14  2020  Hongkong_Post_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root root     51 May 14  2020  ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
lrwxrwxrwx 1 root root     69 May 14  2020  IdenTrust_Commercial_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root root     72 May 14  2020  IdenTrust_Public_Sector_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root root     49 May 14  2020  Izenpe.com.pem -> /usr/share/ca-certificates/mozilla/Izenpe.com.crt
lrwxrwxrwx 1 root root     69 May 14  2020  Microsec_e-Szigno_Root_CA_2009.pem -> /usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root root     83 May 14  2020 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem' -> '/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt'
lrwxrwxrwx 1 root root     78 May 14  2020  Network_Solutions_Certificate_Authority.pem -> /usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root root     70 May 14  2020  OISTE_WISeKey_Global_Root_GB_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root root     70 May 14  2020  OISTE_WISeKey_Global_Root_GC_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root root     55 May 14  2020  QuoVadis_Root_CA.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
lrwxrwxrwx 1 root root     60 May 14  2020  QuoVadis_Root_CA_1_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root root     57 May 14  2020  QuoVadis_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root root     60 May 14  2020  QuoVadis_Root_CA_2_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root root     57 May 14  2020  QuoVadis_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root root     60 May 14  2020  QuoVadis_Root_CA_3_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root root     82 May 14  2020  SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     85 May 14  2020  SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root     79 May 14  2020  SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     79 May 14  2020  SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root root     54 May 14  2020  SZAFIR_ROOT_CA2.pem -> /usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root root     58 May 14  2020  SecureSign_RootCA11.pem -> /usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root root     53 May 14  2020  SecureTrust_CA.pem -> /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
lrwxrwxrwx 1 root root     55 May 14  2020  Secure_Global_CA.pem -> /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
lrwxrwxrwx 1 root root     69 May 14  2020  Security_Communication_RootCA2.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root root     69 May 14  2020  Security_Communication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root root     61 May 14  2020  Sonera_Class_2_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     71 May 14  2020  Staat_der_Nederlanden_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root root     73 May 14  2020  Staat_der_Nederlanden_Root_CA_-_G3.pem -> /usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     59 May 14  2020  Starfield_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root root     80 May 14  2020  Starfield_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     89 May 14  2020  Starfield_Services_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 May 14  2020  SwissSign_Gold_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root root     63 May 14  2020  SwissSign_Silver_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root root     67 May 14  2020  T-TeleSec_GlobalRoot_Class_2.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root root     67 May 14  2020  T-TeleSec_GlobalRoot_Class_3.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root root     84 May 14  2020  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem -> /usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root root     58 May 14  2020  TWCA_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root root     72 May 14  2020  TWCA_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     61 May 14  2020  TeliaSonera_Root_CA_v1.pem -> /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root root     53 May 14  2020  TrustCor_ECA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root root     61 May 14  2020  TrustCor_RootCert_CA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root root     61 May 14  2020  TrustCor_RootCert_CA-2.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root root     58 May 14  2020  Trustis_FPS_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
lrwxrwxrwx 1 root root     76 May 14  2020  USERTrust_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     76 May 14  2020  USERTrust_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     86 May 14  2020  VeriSign_Universal_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     59 May 14  2020  XRamp_Global_CA_Root.pem -> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root root     55 May 14  2020  certSIGN_ROOT_CA.pem -> /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root root     72 May 14  2020  ePKI_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     19 May 14  2020  fe8a2cd8.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root     41 May 14  2020  fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     18 May 14  2020  f39fc864.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root     47 May 14  2020  f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     23 May 14  2020  f081611a.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root     38 May 14  2020  eed8c118.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     27 May 14  2020  e8de2f56.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root     35 May 14  2020  e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
lrwxrwxrwx 1 root root     25 May 14  2020  e36a6752.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root     25 May 14  2020  e18bfb83.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root     12 May 14  2020  e113c810.0 -> Certigna.pem
lrwxrwxrwx 1 root root     20 May 14  2020  de6d66f3.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root     27 May 14  2020  dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root     23 May 14  2020  d853d49e.0 -> Trustis_FPS_Root_CA.pem
lrwxrwxrwx 1 root root     38 May 14  2020  d6325660.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     37 May 14  2020  d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root     20 May 14  2020  ce5e74ef.0 -> Amazon_Root_CA_1.pem
lrwxrwxrwx 1 root root     20 May 14  2020  cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root     44 May 14  2020  cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     37 May 14  2020  ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     34 May 14  2020  c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
lrwxrwxrwx 1 root root     51 May 14  2020  c01cdfa2.0 -> VeriSign_Universal_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     37 May 14  2020  b7a5b843.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     20 May 14  2020  b66938e9.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root     31 May 14  2020  b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root     31 May 14  2020  b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root     45 May 14  2020  aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root     13 May 14  2020  a94d09e5.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root     26 May 14  2020  9c2e7d30.0 -> Sonera_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root     48 May 14  2020  988a38cb.0 -> 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem'
lrwxrwxrwx 1 root root     34 May 14  2020  930ac5d2.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root     20 May 14  2020  8cb5ee0f.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root     31 May 14  2020  7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root     18 May 14  2020  7aaf71c0.0 -> TrustCor_ECA-1.pem
lrwxrwxrwx 1 root root     35 May 14  2020  773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root     63 May 14  2020  7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root     22 May 14  2020  76faf6c0.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root     26 May 14  2020  76cb8f92.0 -> Cybertrust_Global_Root.pem
lrwxrwxrwx 1 root root     25 May 14  2020  749e9e03.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root     20 May 14  2020  6d41d539.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root     27 May 14  2020  607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root     26 May 14  2020  5d3033c5.0 -> TrustCor_RootCert_CA-1.pem
lrwxrwxrwx 1 root root     26 May 14  2020  5cd81ad7.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root     38 May 14  2020  5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root     28 May 14  2020  57bcb2da.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root     27 May 14  2020  54657681.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root     26 May 14  2020  4f316efb.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root     45 May 14  2020  4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     27 May 14  2020  4a6481c9.0 -> GlobalSign_Root_CA_-_R2.pem
lrwxrwxrwx 1 root root     34 May 14  2020  40547a79.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root     16 May 14  2020  4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root     31 May 14  2020  40193066.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root     26 May 14  2020  3e44d2f7.0 -> TrustCor_RootCert_CA-2.pem
lrwxrwxrwx 1 root root     61 May 14  2020  3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root     10 May 14  2020  349f2832.0 -> EC-ACC.pem
lrwxrwxrwx 1 root root     59 May 14  2020  32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root     38 May 14  2020  244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root     32 May 14  2020  1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root     31 May 14  2020  1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root     59 May 14  2020  1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
lrwxrwxrwx 1 root root     46 May 14  2020  106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root     26 May 14  2020  0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root     34 May 14  2020  0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.pem
lrwxrwxrwx 1 root root     16 May 14  2020  0b1b94ef.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root     54 May 14  2020  09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     50 May 14  2020  06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root     27 May 14  2020  062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root     49 May 14  2020  ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
lrwxrwxrwx 1 root root     24 May 14  2020  f387163d.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root     34 May 14  2020  f3377b1b.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root     41 May 14  2020  f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     34 May 14  2020  ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.pem
lrwxrwxrwx 1 root root     28 May 14  2020  ee64a828.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root     27 May 14  2020  dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root     22 May 14  2020  d7e8dc79.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root     34 May 14  2020  cd58d51e.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root     14 May 14  2020  cc450945.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root     36 May 14  2020  c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.pem
lrwxrwxrwx 1 root root     23 May 14  2020  b727005e.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root     31 May 14  2020  9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root     27 May 14  2020  9c8dfbd4.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root     26 May 14  2020  93bc0acc.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root     20 May 14  2020  8d86cdd1.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root     34 May 14  2020  8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root     28 May 14  2020  75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root     24 May 14  2020  706f604c.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root     44 May 14  2020  6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root     40 May 14  2020  6b99d060.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     29 May 14  2020  653b494a.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root     23 May 14  2020  5f15c80c.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root     22 May 14  2020  5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root     32 May 14  2020  5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root     35 May 14  2020  5273a94c.0 -> E-Tugra_Certification_Authority.pem
lrwxrwxrwx 1 root root     29 May 14  2020  48bec511.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root     43 May 14  2020  4304c5e5.0 -> Network_Solutions_Certificate_Authority.pem
lrwxrwxrwx 1 root root     27 May 14  2020  3e45d192.0 -> Hongkong_Post_Root_CA_1.pem
lrwxrwxrwx 1 root root     27 May 14  2020  3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root     26 May 14  2020  2b349938.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root     20 May 14  2020  2ae6433e.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root     37 May 14  2020  1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root     23 May 14  2020  18856ac4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root     49 May 14  2020  116bf586.0 -> GeoTrust_Primary_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root     44 May 14  2020  0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     20 May 14  2020  080911ac.0 -> QuoVadis_Root_CA.pem
lrwxrwxrwx 1 root root     25 May 14  2020  064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root     36 May 14  2020  03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.pem
lrwxrwxrwx 1 root root     45 May 14  2020  02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
-rw-r--r-- 1 root root   1188 Aug 13  2020  ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     21 Aug 13  2020  d41a8ecc -> ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     55 Jun 16 07:02  Certigna_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt
lrwxrwxrwx 1 root root     80 Jun 16 07:02  Entrust_Root_Certification_Authority_-_G4.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root root     50 Jun 16 07:02  GTS_Root_R1.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R1.crt
lrwxrwxrwx 1 root root     50 Jun 16 07:02  GTS_Root_R2.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt
lrwxrwxrwx 1 root root     50 Jun 16 07:02  GTS_Root_R3.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R3.crt
lrwxrwxrwx 1 root root     50 Jun 16 07:02  GTS_Root_R4.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R4.crt
lrwxrwxrwx 1 root root     62 Jun 16 07:02  Hongkong_Post_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root root     84 Jun 16 07:02  Microsoft_RSA_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     84 Jun 16 07:02  Microsoft_ECC_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     80 Jun 16 07:02  NAVER_Global_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     79 Jun 16 07:02  Trustwave_Global_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 Jun 16 07:02  Trustwave_Global_ECC_P256_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 Jun 16 07:02  Trustwave_Global_ECC_P384_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root root     67 Jun 16 07:02  UCA_Extended_Validation_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root root     57 Jun 16 07:02  UCA_Global_G2_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root root     58 Jun 16 07:02  certSIGN_Root_CA_G2.pem -> /usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root root     60 Jun 16 07:02  e-Szigno_Root_CA_2017.pem -> /usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root root     62 Jun 16 07:02  emSign_ECC_Root_CA_-_C3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root root     62 Jun 16 07:02  emSign_ECC_Root_CA_-_G3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     58 Jun 16 07:02  emSign_Root_CA_-_C1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root root     58 Jun 16 07:02  emSign_Root_CA_-_G1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root root     20 Jun 16 07:02  f51bb24c.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root     44 Jun 16 07:02  f249de83.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root     25 Jun 16 07:02  e868b802.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root     53 Jun 16 07:02  d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root     21 Jun 16 07:02  d41a8ecc.0 -> ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     22 Jun 16 07:02  c01eb047.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root     49 Jun 16 07:02  bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     15 Jun 16 07:02  a3418fda.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root     53 Jun 16 07:02  9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root     49 Jun 16 07:02  8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     27 Jun 16 07:02  68dd7389.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root     15 Jun 16 07:02  626dceaf.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root     23 Jun 16 07:02  5f618aec.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root     45 Jun 16 07:02  5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root     27 Jun 16 07:02  4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root     23 Jun 16 07:02  406c9bb1.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root     45 Jun 16 07:02  3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     23 Jun 16 07:02  2923b3f9.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root     27 Jun 16 07:02  14bc7599.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root     15 Jun 16 07:02  1001acf7.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root     32 Jun 16 07:02  0f5dc4f3.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root     15 Jun 16 07:02  0a775a30.0 -> GTS_Root_R3.pem
-rw-r--r-- 1 root root 199113 Nov 29 10:14  ca-certificates.crt

@MikeMcQ it didn't work either forcing tls1.2 :cry: but it was worth trying

> curl -v --tls-max 1.2 https://acme-v02.api.letsencrypt.org/directory
*   Trying 172.65.32.248:443...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 
5 Likes

Please show:
cat /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt

5 Likes
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
3 Likes

That is the right cert.

5 Likes

I don't know if you could double check if something changed on your side about our ip @lestaff :cry: All tests I did these past days indicate that it should work, digitalocean staff didn't found anything wrong either, and I'm a bit lost right now :persevere:

2 Likes

Are you able to do packet capture?

5 Likes

Hello @bruncsak, thanks for the suggestion :grin: I've just used "tcpdump -vv host acme-v02.api.letsencrypt.org" on both original and cloned servers and then did a "curl acme-v02.api.letsencrypt.org", here are the outputs;

Original server:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:13:49.692371 IP (tos 0x0, ttl 64, id 49749, offset 0, flags [DF], proto TCP (6), length 60)
    188.166.113.247.49034 > 172.65.32.248.https: Flags [S], cksum 0xfc05 (incorrect -> 0x7978), seq 1356539402, win 64240, options [mss 1460,sackOK,TS val 2516191642 ecr 0,nop,wscale 7], length 0
12:13:49.694315 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    172.65.32.248.https > 188.166.113.247.49034: Flags [S.], cksum 0x38f9 (correct), seq 1936821964, ack 1356539403, win 65535, options [mss 1400,nop,nop,sackOK,nop,wscale 10], length 0
12:13:49.694354 IP (tos 0x0, ttl 64, id 49750, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.113.247.49034 > 172.65.32.248.https: Flags [.], cksum 0xfbf1 (incorrect -> 0x779c), seq 1, ack 1, win 502, length 0
12:13:49.696497 IP (tos 0x0, ttl 60, id 55356, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.113.247.49034: Flags [F.], cksum 0x7951 (correct), seq 1, ack 1, win 64, length 0
12:13:49.698309 IP (tos 0x0, ttl 64, id 49751, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.113.247.49034 > 172.65.32.248.https: Flags [.], cksum 0xfbf1 (incorrect -> 0x779b), seq 1, ack 2, win 502, length 0
12:13:49.701277 IP (tos 0x0, ttl 64, id 49752, offset 0, flags [DF], proto TCP (6), length 557)
    188.166.113.247.49034 > 172.65.32.248.https: Flags [P.], cksum 0xfdf6 (incorrect -> 0x82c3), seq 1:518, ack 2, win 502, length 517
12:13:49.701773 IP (tos 0x0, ttl 64, id 49753, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.113.247.49034 > 172.65.32.248.https: Flags [F.], cksum 0xfbf1 (incorrect -> 0x7595), seq 518, ack 2, win 502, length 0
12:13:49.702382 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.113.247.49034: Flags [R], cksum 0xf083 (correct), seq 1936821966, win 0, length 0
12:13:49.702826 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.113.247.49034: Flags [R], cksum 0xf083 (correct), seq 1936821966, win 0, length 0

Cloned server:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:16:06.653142 IP (tos 0x0, ttl 64, id 1237, offset 0, flags [DF], proto TCP (6), length 60)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [S], cksum 0xc0a0 (incorrect -> 0x761b), seq 699931892, win 64240, options [mss 1460,sackOK,TS val 1643363034 ecr 0,nop,wscale 7], length 0
12:16:06.655259 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    172.65.32.248.https > 188.166.54.146.45388: Flags [S.], cksum 0x6ca9 (correct), seq 1989136858, ack 699931893, win 65535, options [mss 1400,nop,nop,sackOK,nop,wscale 10], length 0
12:16:06.655300 IP (tos 0x0, ttl 64, id 1238, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0xab4c), seq 1, ack 1, win 502, length 0
12:16:06.663127 IP (tos 0x0, ttl 64, id 1239, offset 0, flags [DF], proto TCP (6), length 557)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc291 (incorrect -> 0x99fd), seq 1:518, ack 1, win 502, length 517
12:16:06.664308 IP (tos 0x0, ttl 60, id 58976, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0xaafb (correct), seq 1, ack 518, win 66, length 0
12:16:06.899279 IP (tos 0x0, ttl 60, id 58977, offset 0, flags [DF], proto TCP (6), length 2088)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0xc88c (incorrect -> 0x5865), seq 1:2049, ack 518, win 66, length 2048
12:16:06.899279 IP (tos 0x0, ttl 60, id 58979, offset 0, flags [DF], proto TCP (6), length 1382)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0x3fe3 (correct), seq 2049:3391, ack 518, win 66, length 1342
12:16:06.899326 IP (tos 0x0, ttl 64, id 1240, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0xa14c), seq 518, ack 2049, win 497, length 0
12:16:06.899340 IP (tos 0x0, ttl 64, id 1241, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0x9c14), seq 518, ack 3391, win 491, length 0
12:16:06.900146 IP (tos 0x0, ttl 64, id 1242, offset 0, flags [DF], proto TCP (6), length 120)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0dc (incorrect -> 0xb82d), seq 518:598, ack 3391, win 501, length 80
12:16:06.900286 IP (tos 0x0, ttl 64, id 1243, offset 0, flags [DF], proto TCP (6), length 86)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0ba (incorrect -> 0x10db), seq 598:644, ack 3391, win 501, length 46
12:16:06.900330 IP (tos 0x0, ttl 64, id 1244, offset 0, flags [DF], proto TCP (6), length 89)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0bd (incorrect -> 0xdac2), seq 644:693, ack 3391, win 501, length 49
12:16:06.900372 IP (tos 0x0, ttl 64, id 1245, offset 0, flags [DF], proto TCP (6), length 75)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0af (incorrect -> 0x357e), seq 693:728, ack 3391, win 501, length 35
12:16:06.900428 IP (tos 0x0, ttl 64, id 1246, offset 0, flags [DF], proto TCP (6), length 111)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0d3 (incorrect -> 0x1bf4), seq 728:799, ack 3391, win 501, length 71
12:16:06.901272 IP (tos 0x0, ttl 60, id 58980, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9d6d (correct), seq 3391, ack 598, win 66, length 0
12:16:06.901377 IP (tos 0x0, ttl 60, id 58981, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9d3f (correct), seq 3391, ack 644, win 66, length 0
12:16:06.901464 IP (tos 0x0, ttl 60, id 58982, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9d0e (correct), seq 3391, ack 693, win 66, length 0
12:16:06.901464 IP (tos 0x0, ttl 60, id 58983, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9ceb (correct), seq 3391, ack 728, win 66, length 0
12:16:06.901535 IP (tos 0x0, ttl 60, id 58984, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9ca4 (correct), seq 3391, ack 799, win 66, length 0
12:16:07.017679 IP (tos 0x0, ttl 60, id 58985, offset 0, flags [DF], proto TCP (6), length 119)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0x2845 (correct), seq 3391:3470, ack 799, win 66, length 79
12:16:07.017720 IP (tos 0x0, ttl 64, id 1247, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0x9aa2), seq 799, ack 3470, win 501, length 0
12:16:07.017903 IP (tos 0x0, ttl 60, id 58986, offset 0, flags [DF], proto TCP (6), length 181)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0x20cd (correct), seq 3470:3611, ack 799, win 66, length 141
12:16:07.017903 IP (tos 0x0, ttl 60, id 58987, offset 0, flags [DF], proto TCP (6), length 216)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0x2ca2 (correct), seq 3611:3787, ack 799, win 66, length 176
12:16:07.017916 IP (tos 0x0, ttl 64, id 1248, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0x9a15), seq 799, ack 3611, win 501, length 0
12:16:07.017924 IP (tos 0x0, ttl 64, id 1249, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0x9966), seq 799, ack 3787, win 500, length 0
12:16:07.018019 IP (tos 0x0, ttl 64, id 1250, offset 0, flags [DF], proto TCP (6), length 71)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0ab (incorrect -> 0xd3c0), seq 799:830, ack 3787, win 500, length 31
12:16:07.018159 IP (tos 0x0, ttl 60, id 58988, offset 0, flags [DF], proto TCP (6), length 2245)
    172.65.32.248.https > 188.166.54.146.45388: Flags [P.], cksum 0xc929 (incorrect -> 0xd9e9), seq 3787:5992, ack 799, win 66, length 2205
12:16:07.018169 IP (tos 0x0, ttl 64, id 1251, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0xc08c (incorrect -> 0x90ad), seq 830, ack 5992, win 497, length 0
12:16:07.018324 IP (tos 0x0, ttl 64, id 1252, offset 0, flags [DF], proto TCP (6), length 64)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [P.], cksum 0xc0a4 (incorrect -> 0xe933), seq 830:854, ack 5992, win 501, length 24
12:16:07.019008 IP (tos 0x0, ttl 64, id 1253, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [F.], cksum 0xc08c (incorrect -> 0x9090), seq 854, ack 5992, win 501, length 0
12:16:07.019138 IP (tos 0x0, ttl 60, id 58990, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x925c (correct), seq 5992, ack 830, win 66, length 0
12:16:07.019445 IP (tos 0x0, ttl 60, id 58991, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9244 (correct), seq 5992, ack 854, win 66, length 0
12:16:07.060363 IP (tos 0x0, ttl 60, id 58992, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [.], cksum 0x9243 (correct), seq 5992, ack 855, win 66, length 0
12:16:07.135904 IP (tos 0x0, ttl 60, id 58993, offset 0, flags [DF], proto TCP (6), length 40)
    172.65.32.248.https > 188.166.54.146.45388: Flags [F.], cksum 0x9242 (correct), seq 5992, ack 855, win 66, length 0
12:16:07.135953 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    188.166.54.146.45388 > 172.65.32.248.https: Flags [.], cksum 0x908f (correct), seq 855, ack 5993, win 501, length 0
3 Likes