On 13-12-2019 12:37, Hal Murray wrote:
> Are you using a chroot jail? If so, does it let ntpd see the root certs?

The chroot is the root cause I guess. Thanks for tipping me about that one.

I copied over /etc/pki to /chroot/ntpd/etc and stuff starts to see certs and such:

Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: read 880 bytes
Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: Got 8 cookies, length 104, aead=15.
Dec 13 12:42:57 sp2 ntpd[1589263]: NTSc: NTS-KE req to ntp1.glypnod.com took 0.659 sec, OK
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: DNS lookup of ntp2.glypnod.com took 0.001 sec
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: nts_probe connecting to ntp2.glypnod.com:123 => [2a03:b0c0:1:d0::1f9:f001]:123
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256)
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate subject name: /CN=ntp2.glypnod.com
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: certificate is valid.
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: read 880 bytes
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: Got 8 cookies, length 104, aead=15.
Dec 13 12:42:58 sp2 ntpd[1589263]: NTSc: NTS-KE req to ntp2.glypnod.com took 0.106 sec, OK

Looks better to me...
Thanks again for the tip!

Kind regards,
Udo
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
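
Added example (not part of the original thread and not NTPsec code): a check of what trust material a jailed ntpd can actually reach under /etc/pki, resolving symlinks the way the process inside the chroot would. It goes beyond the message by also reporting symlinks that dangle inside the jail; the function names are hypothetical, the defaults /chroot/ntpd and /etc/pki come from the message above, and matching on the PEM header is a heuristic.

```python
import os
import sys

PEM_MARK = b"-----BEGIN CERTIFICATE-----"

def resolve_in_chroot(chroot, path, hops=40):
    """Map a path as the jailed process sees it to the host file it reaches, or None."""
    inside, parts = "/", [p for p in path.split("/") if p]
    while parts:
        part = parts.pop(0)
        if part == ".":
            continue
        if part == "..":
            inside = os.path.dirname(inside)
            continue
        candidate = os.path.join(inside, part)
        if os.path.islink(chroot + candidate):
            hops -= 1
            if hops < 0:
                return None  # symlink loop
            target = os.readlink(chroot + candidate)
            if target.startswith("/"):
                inside = "/"  # absolute targets restart at the jail root, not the host root
            parts = [p for p in target.split("/") if p] + parts
            continue
        inside = candidate
    host = chroot + inside
    return host if os.path.exists(host) else None

def chroot_trust_report(chroot, trust_dir="/etc/pki"):
    """Count paths that reach a PEM certificate and list symlinks dangling inside the jail."""
    chroot = chroot.rstrip("/")
    report = {"present": False, "cert_files": 0, "dangling": []}
    top = resolve_in_chroot(chroot, trust_dir)
    if top is None or not os.path.isdir(top):
        return report  # the jail has no trust directory at all
    report["present"] = True
    for root, dirs, files in os.walk(top):
        for name in dirs + files:
            seen_as = os.path.join(root, name)[len(chroot):]  # path as seen inside the jail
            real = resolve_in_chroot(chroot, seen_as)
            if real is None:
                report["dangling"].append(seen_as)
            elif os.path.isfile(real):
                try:
                    with open(real, "rb") as fh:
                        report["cert_files"] += PEM_MARK in fh.read()
                except OSError:
                    pass  # unreadable file (e.g. a private key); cannot be counted
    return report

if __name__ == "__main__":
    print(chroot_trust_report(sys.argv[1] if len(sys.argv) > 1 else "/chroot/ntpd"))
```

A result with present set to False, cert_files at 0, or entries in dangling means the jailed process may have no usable root certificates even though the host does.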