On 21/06/17 17:14, murphy wrote: > download of swdb.lst failed. I think this is because of an expired certificate for versions.gnupg.org:
$ wget -S https://versions.gnupg.org/swdb.lst --2017-06-21 19:11:03-- https://versions.gnupg.org/swdb.lst Resolving versions.gnupg.org (versions.gnupg.org)... 2001:aa8:fff1:2100::56, 217.69.76.56 Connecting to versions.gnupg.org (versions.gnupg.org)|2001:aa8:fff1:2100::56|:443... failed: Connection refused. Connecting to versions.gnupg.org (versions.gnupg.org)|217.69.76.56|:443... connected. ERROR: The certificate of ‘versions.gnupg.org’ is not trusted. ERROR: The certificate of ‘versions.gnupg.org’ has expired. The certificate has expired $ gnutls-cli -p https versions.gnupg.org Processed 175 CA certificate(s). Resolving 'versions.gnupg.org'... Connecting to '2001:aa8:fff1:2100::56:443'... Cannot connect to 2001:aa8:fff1:2100::56:443: Connection refused Connecting to '217.69.76.56:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=versions.gnupg.org', issuer `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2017-03-22 09:00:00 UTC', expires `2017-06-20 09:00:00 UTC', SHA-1 fingerprint `57a54fb00d2eabc40afe221720b73fd3038e3929' Public Key ID: ee4ff057a2b9a377fd7c4499e48f535633ccf304 Public key's random art: +--[ RSA 2048]----+ | E. | | Bo| | o.O| | +=| | S . .=.| | . o o oo o| | . = .. o | | . .oo. ...| | o+oo .+| +-----------------+ - Certificate[1] info: - subject `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', issuer `O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', SHA-1 fingerprint `e6a3b45b062d509b3382282d196efe97d5956ccb' - Status: The certificate is NOT trusted. The certificate chain uses expired certificate. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. *** Handshake has failed GnuTLS error: Error in the certificate. My guess is that certbot, the tool usually responsible for downloading new Let's Encrypt! certificates, hasn't been able to get a new certificate for a month, and a system administrator needs to look into getting it to succesfully obtain a new one. The webserver also seems to reject IPv6 connections, BTW. I can succesfully open IPv6 https connections with gnutls-cli to other sites. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
