On Sun, 05 Apr 2020 at 01:00:04 +0200, Jonas Smedegaard wrote: > Weirdly the cause seems to be that curl doesn't get the cert at all: > > debian@everton:~$ curl -s > https://acme-v02.api.letsencrypt.org/acme/cert/036c9c4c3720c2241c7f32cb5920470555db > debian@everton:~$ echo $? > 60 > > On another host I have no problem fetching the cert. > > So seems like an issue unrelated to lacme :-/
Not sure if it's unrelated, curl(1)'s exit status 60 is “Peer certificate cannot be authenticated with known CA certificates.” Is ca-certificates installed on that machine? It occurs to me that a dependency might be missing here. Oddly enough lacme is able to talk to the server, even though its ‘SSL_verify’ option defaults to ‘Yes’, which AFAICT causes IO::Socket::SSL to use the peer verification logic from openssl. -- Guilhem.
signature.asc
Description: PGP signature