Re: Gpg4win LetsEncrypt issue

2022-02-14 Thread David Kačerek via Gnupg-users
-- Original Message -- From: "Werner Koch via Gnupg-users" To: Sent: 11.01.2022 11:52:00 Subject: Gpg4win LetsEncrypt issue For details please see https://dev.gnupg.org/T5639 which was fixed with GnuPG 2.2.32 and 2.3.4. Hello, I'd say the problem is not fixed in neither Gn

Re: Gpg4win LetsEncrypt issue

2022-01-11 Thread Werner Koch via Gnupg-users
On Thu, 6 Jan 2022 15:33, Anze Jensterle said: > checked multiple times). Only deleting the old intermediates instead of the > root helped. Do you also check all the intermediate paths? Sure. My former answer was simply wrong. For details please see https://dev.gnupg.org/T5639 which was fixed

Re: Gpg4win LetsEncrypt issue

2022-01-07 Thread Bernhard Reiter
On Wednesday, 05 January 2022 at 09:16:52, Alex Nadtoka via Gnupg-users wrote: > Is there a way to enable more detailed debug mode so I can see the path for > the certificate that dirmngr is using? Use dirmngr.conf to add more diagnostic output, e.g. log-file c:\XYZ debug-level advanced and

Re: Gpg4win LetsEncrypt issue

2022-01-06 Thread Alex Nadtoka via Gnupg-users
yes as well as for me. I was using latest gpg software

Re: Gpg4win LetsEncrypt issue

2022-01-06 Thread Anze Jensterle
That's the weird thing: I had the new root installed all this time (I checked multiple times). Only deleting the old intermediates instead of the root helped. Do you also check all the intermediate paths? So the path to verify was SERVER->INTERMEDIATE(R3 signed by DST Root)->DST ROOT, both the

Re: Gpg4win LetsEncrypt issue

2022-01-06 Thread Werner Koch via Gnupg-users
On Thu, 6 Jan 2022 12:02, Anze Jensterle said: > Any idea why? I suspect it has to do with old intermediates being > cross-signed as well. If you don't have the current LE root certificate the old certification path is tried. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen

Re: Gpg4win LetsEncrypt issue

2022-01-06 Thread Anze Jensterle
Hi Werner, This was happening to me on the latest 2.3.4 with gpg4win 4. Any idea why? I suspect it has to do with old intermediates being cross-signed as well. Best, Anze On Thu, 6 Jan 2022 at 09:41 Werner Koch via Gnupg-users < gnupg-users@gnupg.org> wrote: > Hi! > > instead of working around

Re: Gpg4win LetsEncrypt issue

2022-01-06 Thread Werner Koch via Gnupg-users
Hi! instead of working around the problem, I strongly suggest to update gpg4win to 4.0 or at least install gnupg 2.2.33 on top of an older gpg4win. This fixes the problem without a need to tweak the root cert store. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: Gpg4win LetsEncrypt issue

2022-01-05 Thread Alex Nadtoka via Gnupg-users
Ok for me the fix was by importing this intermediate certificate to intermediates in user profile and local computer https://letsencrypt.org/certs/lets-encrypt-r3.pem I guess old r3 should be removed and new one added Regards, Oleksandr On Wed, 5 Jan 2022 at 10:16, Alex Nadtoka wrote: > I found

Re: Gpg4win LetsEncrypt issue

2022-01-05 Thread Alex Nadtoka via Gnupg-users
I found one such certificate and removed it but the issue is still there. Is there a way to enable more detailed debug mode so I can see the path for the certificate that dirmngr is using? Regards, Oleksandr On Wed, 5 Jan 2022 at 02:44, Anze Jensterle wrote: > OK, I seem to have solved the issue.

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Anze Jensterle
OK, I seem to have solved the issue. @Alex Nadtoka Deleting the DST Root is not needed. Make sure to delete the certificate named "Let's Encrypt X1" or similar and "R3" from the user and system store. They are not stored under "Trusted Roots" but under "Intermediate CAs". After I deleted all the

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Anze Jensterle
I am having the same issue on GnuPG version 2.3.4. If I have the DST root in my Trust Root Store I get Certificate expired, if I don't have it in there I get "No inquire callback in IPC" and Dirmngr logs "error connecting to 'https://keys.openpgp.org:443': Missing issuer certificate". Any idea why

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Alex Nadtoka via Gnupg-users
I do have installed ISRG Root X1 and X2 But I noticed that DST Root CA X3 appeared again in the system... weird. deleted it with admin privileges from entire PC On Tue, 4 Jan 2022 at 15:14, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote: > > On 4 Jan 2022, at 12:15, Alex Nadtoka

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Andrew Gallagher via Gnupg-users
> On 4 Jan 2022, at 12:15, Alex Nadtoka wrote: > > yes thanks, tried disabling it but error was still there. So I deleted DST > Root CA X3 . At the moment I see error from dirmngr 2.3.4: no CA certificate > found > And > error searching keyserver: "No inquire callback in IPC" > > Not

Re: Gpg4win LetsEncrypt issue

2022-01-04 Thread Alex Nadtoka via Gnupg-users
yes thanks, tried disabling it but error was still there. So I deleted DST Root CA X3 . At the moment I see error from dirmngr 2.3.4: no CA certificate found And error searching keyserver: "No inquire callback in IPC" Not sure if it is still because of root certificate. Will try to google now

Re: Gpg4win LetsEncrypt issue

2022-01-03 Thread Andrew Gallagher via Gnupg-users
On Fri, 2021-12-31 at 23:23 +0200, Alex Nadtoka wrote: > Ok, thanks. Where on the client end i can remove it? This blog appears to do it correctly (to the best of my knowledge) and as its worked example uses the very same CA certificate that we have just been discussing:  

Re: Gpg4win LetsEncrypt issue

2021-12-31 Thread Alex Nadtoka via Gnupg-users
Ok, thanks. Where on the client end I can remove it? On Thu, 30 Dec 2021, 23:12, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote: > > > On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > > > Even if I remove root certificate from the server it will be added again > on renewal. > > It is

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Andrew Gallagher via Gnupg-users
> On 30 Dec 2021, at 16:27, Alex Nadtoka wrote: > > Even if I remove root certificate from the server it will be added again on > renewal. It is the client that needs the ca certificate to be removed, not the server. The root cause is that there is more than one verification path possible

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Alex Nadtoka via Gnupg-users
Actually I just now realized that the things are automated on the server. Certbot+nginx renews SSL certificates every 3 months. And currently keyserver uses the latest SSL certificate with automatically set up CA Root certificates. Even if I remove root certificate from the server it will be added

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Alex Nadtoka via Gnupg-users
Cool thanks. going to test it today Yesterday tested also with GPG Suite on MacOS - works fine, so only windows issue I think. On Thu, 30 Dec 2021 at 16:31, Werner Koch via Gnupg-users < gnupg-users@gnupg.org> wrote: > On Wed, 29 Dec 2021 21:33, Andrew Gallagher said: > > > OK, so you definitely

Re: Gpg4win LetsEncrypt issue

2021-12-30 Thread Werner Koch via Gnupg-users
On Wed, 29 Dec 2021 21:33, Andrew Gallagher said: > OK, so you definitely need to solve the root certificate issue. This has been fixed with gnupg 2.2.32 - please get an update. The workaround is to delete the old LE certificate from your Root CA store. Salam-Shalom, Werner -- Die

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Alex Nadtoka via Gnupg-users
It is just dirmngr Through browsers everything works fine as well as from gpg command line client in Linux On Wed, 29 Dec 2021 at 23:34, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote: > > > On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > > > We have our internal GPG

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 21:12, Alex Nadtoka wrote: > > We have our internal GPG server( I want people in company to be able to > connect to it from windows as well... OK, so you definitely need to solve the root certificate issue. Do sites using letsencrypt work from an Edge browser on that

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Alex Nadtoka via Gnupg-users
We have our internal GPG server( I want people in company to be able to connect to it from windows as well... On Wed, 29 Dec 2021 at 23:11, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote: > > On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
> On 29 Dec 2021, at 20:15, Alex Nadtoka wrote: > > yes it works with keyserver-01.2ndquadrant.com Is this server sufficient for your purposes or do you also need to support an internal keyserver? A > On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users > wrote: >> On Wed,

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Alex Nadtoka via Gnupg-users
yes it works with keyserver-01.2ndquadrant.com On Wed, 29 Dec 2021 at 17:06, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote: > On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > > I cannot connect to any keyserver. The error is certificate expired. > > I am

Re: Gpg4win LetsEncrypt issue

2021-12-29 Thread Andrew Gallagher via Gnupg-users
On Wed, 2021-12-29 at 14:33 +0200, Alex Nadtoka via Gnupg-users wrote: > I cannot connect to any keyserver. The error is certificate expired. > I am on latest (I think) Windows 10 . Tried reinstalling it or > installing on new Windows machine but no luck . dirmngr keeps telling > me that

Gpg4win LetsEncrypt issue

2021-12-29 Thread Alex Nadtoka via Gnupg-users
I cannot connect to any keyserver. The error is certificate expired. I am on latest (I think) Windows 10 . Tried reinstalling it or installing on new Windows machine but no luck . dirmngr keeps telling me that certificate is expired. I know I can put ignore-cert followed by the SHA-1 fingerprint