<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" >The FRR slack has details that say otherwise, though I don't know if it has been fixed since I tested. It looks like one of the certs is <em>not</em> changed, but I believe they're fixing it now in Slack:</div>
<div dir="ltr" > </div>
<div dir="ltr" ><div class="c-message_kit__gutter__left" style="box-sizing: inherit; flex-shrink: 0; margin-right: 8px; display: flex; color: rgb(209, 210, 211); font-family: Slack-Lato, appleLogo, sans-serif; font-size: 15px; font-style: normal; font-variant-ligatures: common-ligatures; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(34, 37, 41); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;" ><div class="p-message_pane_message__compact_timestamp p-message_pane_message__compact_timestamp--light p-message_pane_message__compact_timestamp--adjacent" style="box-sizing: inherit; margin: -4px 0px -4px -20px; width: 56px; text-align: right; opacity: 1;" ><a class="c-link c-timestamp" data-sk="tooltip_parent" data-stringify-requires-siblings="true" data-stringify-text="[1:06 PM]" data-stringify-type="replace" data-ts="1633543590.164400" delay="300" href="https://frrouting.slack.com/archives/C4T714TAQ/p1633543590164400" style="box-sizing: inherit; color: rgba(var(--sk_foreground_max_solid,97,96,97),1); text-decoration: none; font-size: 12px;" ><span class="c-timestamp__label" style="box-sizing: inherit; color: rgba(var(--sk_foreground_max_solid,97,96,97),1);" >1:06</span></a></div></div>
<div class="c-message_kit__gutter__right" data-qa="message_content" role="presentation" style="box-sizing: inherit; flex: 1 1 0px; min-width: 0px; padding: 8px 8px 8px 16px; margin: -12px -8px -16px -16px; color: rgb(209, 210, 211); font-family: Slack-Lato, appleLogo, sans-serif; font-size: 15px; font-style: normal; font-variant-ligatures: common-ligatures; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(34, 37, 41); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;" ><div class="c-message_kit__blocks c-message_kit__blocks--rich_text" style="box-sizing: inherit; max-width: none; margin-bottom: 4px;" ><div class="c-message__message_blocks c-message__message_blocks--rich_text" style="box-sizing: inherit; max-width: none; overflow-wrap: break-word;" ><div class="p-block_kit_renderer" data-qa="block-kit-renderer" style="box-sizing: inherit; width: 1022px;" ><div class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first" style="box-sizing: inherit; display: flex;" ><div class="p-rich_text_block" dir="auto" style="box-sizing: inherit; counter-reset: list-0 0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0 list-6 0 list-7 0 list-8 0 list-9 0; width: 1022px; user-select: text; text-align: left; font-size: 15px; line-height: 1.46668;" ><pre class="c-mrkdwn__pre" data-stringify-type="pre" style="box-sizing: inherit; margin: 4px 0px; padding: 8px; --saf-0:rgba(var(--sk_foreground_low,29,28,29),0.13); font-size: 12px; line-height: 1.50001; font-variant-ligatures: none; white-space: pre-wrap; overflow-wrap: break-word; word-break: normal; tab-size: 4; font-family: Monaco, Menlo, Consolas, "Courier New", monospace !important; border: 1px solid var(--saf-0); border-radius: 4px; background: rgba(var(--sk_foreground_min,29,28,29),0.04); counter-reset: list-0 0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0 list-6 0 list-7 0 list-8 0 list-9 0;" >130 :~$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
Verify return code: 10 (certificate has expired)
DONE</pre>
<div><pre class="c-mrkdwn__pre" data-stringify-type="pre" style="box-sizing: inherit; margin: 4px 0px; padding: 8px; --saf-0:rgba(var(--sk_foreground_low,29,28,29),0.13); font-size: 12px; line-height: 1.50001; font-variant-ligatures: none; white-space: pre-wrap; overflow-wrap: break-word; word-break: normal; tab-size: 4; font-family: Monaco, Menlo, Consolas, "Courier New", monospace !important; border: 1px solid var(--saf-0); border-radius: 4px; background: rgba(var(--sk_foreground_min,29,28,29),0.04); counter-reset: list-0 0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0 list-6 0 list-7 0 list-8 0 list-9 0; color: rgb(209, 210, 211); font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;" >[tsantiago@tree01-cs ~]$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = deb.frrouting.org
verify return:1
DONE
Verify return code: 0 (ok)</pre></div></div></div></div></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" ><div> </div>
<div><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font style="font-size: 16px; box-sizing: inherit;" face="Trebuchet MS" >Thanks,</font><br style="box-sizing: inherit;" ><br style="box-sizing: inherit; font-family: arial, helvetica, sans-serif;" ><b style="font-size: 16px; box-sizing: inherit; font-family: arial, helvetica, sans-serif;" ><font style="box-sizing: inherit;" size="4" face="Trebuchet MS" >Trae Santiago</font></b><br style="box-sizing: inherit; font-family: arial, helvetica, sans-serif;" ><font style="font-size: 16px; box-sizing: inherit;" face="Trebuchet MS" >Network Engineer</font></font></font></font></font></font></div>
<div style="" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font size="2" face="Verdana,Arial,Helvetica,sans-serif" ><font style="box-sizing: inherit;" face="Trebuchet MS" >IBM Cloud</font><br style="box-sizing: inherit;" ><font style="font-size: small; box-sizing: inherit;" size="2" face="Trebuchet MS" >+1 (469) 585 - 9317</font><br style="box-sizing: inherit;" ><a href="mailto://tsantiago@us.ibm.com/" style="font-size: 16px; box-sizing: inherit; text-decoration-line: none; cursor: pointer; color: black; font-family: arial, helvetica, sans-serif;" ><u style="box-sizing: inherit;" ><font style="box-sizing: inherit;" size="2" face="Trebuchet MS" >tsantiago@us.ibm.com</font></u></a></font></font></font></font></font></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Jafar Al-Gharaibeh" <jafar@atcorp.com><br>Sent by: "dev" <dev-bounces+tsantiago=us.ibm.com@lists.frrouting.org><br>To: "Eduard Margulescu" <eduard.margulescu@bigstep.com>, "dev@lists.frrouting.org" <dev@lists.frrouting.org><br>Cc:<br>Subject: [EXTERNAL] Re: [dev] Certificate error deb.frrouting.org<br>Date: Wed, Oct 6, 2021 3:07 PM<br> <br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<p>Hi,</p>
<p> We use Let's Encrypt certificates, and as far as I can see, things are good in the deployed certificates.</p>
<p> Issued On Wednesday, September 8, 2021 at 12:52:30 PM<br> Expires On Tuesday, December 7, 2021 at 11:52:29 AM</p>
<p> It is likely that the ca certificates need updating at your end:</p>
<p> sudo apt install ca-certificates</p>
<p> you can use the tool update-ca-certificates that comes with the package above to update your CAs.</p>
<p>Regards,</p>
<p>Jafar</p>
<div>On 10/4/21 4:23 AM, Eduard Margulescu wrote:</div>
<blockquote cite="mid:PAXP190MB1549F87FECC17CECC66F05CAE6AE9@PAXP190MB1549.EURP190.PROD.OUTLOOK.COM" type="cite" ><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<div><p style="margin: 0px;" ><span lang="EN-US" >Hello team,<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >I want to install FRR on an Ubuntu 18.04 server and I receive this error when I try to use this procedure (<a href="https://deb.frrouting.org/" target="_blank" >https://deb.frrouting.org/</a>) :<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<div style="mso-element:para-border-div;border:solid black 1.0pt;padding:5.0pt 5.0pt 5.0pt 5.0pt;background:#EEEEEE" ><div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#777799" ># add GPG key</span></i><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" ><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" >curl -s <a href="https://deb.frrouting.org/frr/keys.asc" moz-do-not-send="true" target="_blank" >https://deb.frrouting.org/frr/keys.asc</a> | sudo apt-key add -<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" ><o:p> </o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#777799" ># possible values for FRRVER: </span></i><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#007700" >frr-6 frr-7 frr-8 frr-stable</span></i><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#777799" ><o:p></o:p></span></i></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#777799" ># frr-stable will be the latest official stable release</span></i><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" ><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" >FRRVER="</span><span style="font-size:11.0pt;font-family:"Fira Mono";color:#007700" >frr-stable</span><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" >"<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" >echo deb <a href="https://deb.frrouting.org/frr" moz-do-not-send="true" target="_blank" >https://deb.frrouting.org/frr</a> $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" ><o:p> </o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><i><span style="font-size:11.0pt;font-family:"Fira Mono";color:#777799" ># update and install FRR</span></i><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" ><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" ><span style="font-size:11.0pt;font-family:"Fira Mono";color:black" >sudo apt update && sudo apt install frr frr-pythontools<o:p></o:p></span></font></div></div>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >root@ukr1:~# curl -s <a href="https://deb.frrouting.org/frr/keys.asc" target="_blank" >https://deb.frrouting.org/frr/keys.asc</a> | sudo apt-key add -<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >OK<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >root@ukr1:~# FRRVER="frr-stable"<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >root@ukr1:~# echo deb <a href="https://deb.frrouting.org/frr" target="_blank" >https://deb.frrouting.org/frr</a> $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >deb <a href="https://deb.frrouting.org/frr" target="_blank" >https://deb.frrouting.org/frr</a> bionic frr-stable<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >root@ukr1:~# sudo apt update && sudo apt install frr frr-pythontools<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Get:1 <a href="http://security.ubuntu.com/ubuntu" target="_blank" >http://security.ubuntu.com/ubuntu</a> bionic-security InRelease [88.7 kB]<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Hit:2 <a href="http://us.archive.ubuntu.com/ubuntu" target="_blank" >http://us.archive.ubuntu.com/ubuntu</a> bionic InRelease<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Ign:3 <a href="https://deb.frrouting.org/frr" target="_blank" >https://deb.frrouting.org/frr</a> bionic InRelease<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Get:4 <a href="http://us.archive.ubuntu.com/ubuntu" target="_blank" >http://us.archive.ubuntu.com/ubuntu</a> bionic-updates InRelease [88.7 kB]<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="background:yellow;mso-highlight:yellow" lang="EN-US" >Err:5 <a href="https://deb.frrouting.org/frr" target="_blank" >https://deb.frrouting.org/frr</a> bionic Release<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="background:yellow;mso-highlight:yellow" lang="EN-US" > Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 194.147.138.41 443]</span><span lang="EN-US" ><o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Get:6 <a href="http://us.archive.ubuntu.com/ubuntu" target="_blank" >http://us.archive.ubuntu.com/ubuntu</a> bionic-backports InRelease [74.6 kB]<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Reading package lists... Done<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="background:yellow;mso-highlight:yellow" lang="EN-US" >E: The repository '<a href="https://deb.frrouting.org/frr" target="_blank" >https://deb.frrouting.org/frr</a> bionic Release' does not have a Release file.<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="background:yellow;mso-highlight:yellow" lang="EN-US" >N: Updating from such a repository can't be done securely, and is therefore disabled by default.</span><span lang="EN-US" ><o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >N: See apt-secure(8) manpage for repository creation and user configuration details.<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Is there something you can fix ?<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Thanks,<o:p></o:p></span></p>
<p style="margin: 0px;" ><span lang="EN-US" >Eduard<o:p></o:p></span></p>
<p style="margin: 0px;" ><o:p> </o:p></p></div>
<fieldset> </fieldset>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >_______________________________________________<br>dev mailing list<br><a href="mailto:dev@lists.frrouting.org" target="_blank" >dev@lists.frrouting.org</a><br><a href="https://lists.frrouting.org/listinfo/dev" target="_blank" >https://lists.frrouting.org/listinfo/dev</a></font></div></blockquote>
<div id="MIMEAttachInfoDiv" style="display:none" title="octet-stream|smime.p7s" > </div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >_______________________________________________<br>dev mailing list<br>dev@lists.frrouting.org<br><a href="https://lists.frrouting.org/listinfo/dev" target="_blank" >https://lists.frrouting.org/listinfo/dev</a></font></div></blockquote>
<div dir="ltr" > </div></div><BR>
<BR>