Ran into today's problems with the expired root certificate on my website www.rejsa.nu. Trying to delete and renew my certificate also failed, due to this:
root@no:~ # curl https://acme-v02.api.letsencrypt.org/directory
curl: (60) SSL certificate verify result: certificate has expired (10)
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
This is from a fully updated OPNsense box
Your machine doesn't trust ISRG Root X1 (self signed). Can you update ca-certificates or similar?
Since I'm not very good at this stuff I'm not sure how to update my box as a client so it gets the right root chain?
OPNsense is FreeBSD based and I have no clue (I'm never in on it in a shell normally).
Sorry I don't know the specifics for that but you need to get it to add the self-signed ISRG Root X1, which you can download in various formats from here: Chain of Trust - Let's Encrypt
If you have a /etc/ssl/ it may be something under there you need to update (in a subfolder), someone else with more familiarity with FreeBSD may be able to help.
Removed the expired Let's Encrypt authority found in the OPNsense webgui under:
System - Trust - Authorities
So at least updating certs works now.
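
Added example, not part of the original posts: a POSIX shell helper that lists which CA certificates in a PEM trust bundle are expired, the condition the last post resolved by removing the expired authority. The function name `expiring_certs` and the bundle path you pass to it are assumptions; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: report certificates in a PEM bundle that are already expired,
# or that expire within a given number of seconds.
# Assumption: you pass the path of the CA bundle your client (curl, the ACME
# client) actually reads; that path is not given on this page.

# expiring_certs BUNDLE [SECONDS]
# Prints the notAfter date and subject of every certificate in BUNDLE that is
# expired (SECONDS=0, the default) or expires within SECONDS from now.
expiring_certs() {
    bundle=$1
    window=${2:-0}
    tmpdir=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    for pem in "$tmpdir"/cert*.pem; do
        [ -e "$pem" ] || continue
        # -checkend N exits non-zero when the certificate expires within N seconds.
        if ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
            openssl x509 -in "$pem" -noout -enddate -subject 2>/dev/null | tr '\n' ' '
            echo
        fi
    done
    rm -rf "$tmpdir"
}

# Run directly: sh script.sh /path/to/ca-bundle.pem [seconds]
if [ "$#" -gt 0 ]; then
    expiring_certs "$@"
fi
```

An empty result with a window of 0 means no certificate in that bundle has expired, so a verification failure like the one above would have to come from a different trust store or from a missing root.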