[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory



>> Certificate verification failed: The certificate is NOT trusted. The
>> certificate chain uses expired certificate.  Could not handshake: Error
>> in the certificate verification. [IP: 95.216.163.36 443]
>>
> Maybe renew the key ?

The repo uses a LetsEncrypt certificate.

Odds are, the OP's system's trust store is quite old and so still has the old root in place - LE's intermediate has multiple signatures and one of the roots expired last year.

Running

    sudo apt-get -y install ca-certificates

Should bring it up to date (assuming there's a relatively modern openssl in use - I think 1.0 will throw an error either way because it still tries to follow both forks in the chain and borks when it sees the expired cert).



--
Ben Tasker
https://www.bentasker.co.uk



_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays