<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I'd try the ca update method I described in my previous email
before coming to any conclusions. <br>
</p>
<p>Regards,</p>
<p>Jafar<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 10/6/21 3:31 PM, Trae E Santiago
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OF7E1A64C4.D9D8F4FC-ON00258766.00707FA8-00258766.0070C50E@ibm.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica, sans-serif;font-size:10pt">
<div dir="ltr">The FRR slack has details that say otherwise,
though I don't know if it has been fixed since I tested. It
looks like one of the certs is <em>not</em> changed, but I
believe they're fixing it now in Slack:</div>
<div dir="ltr"> </div>
<div dir="ltr">
<div class="c-message_kit__gutter__left" style="box-sizing:
inherit; flex-shrink: 0; margin-right: 8px; display: flex;
color: rgb(209, 210, 211); font-family: Slack-Lato,
appleLogo, sans-serif; font-size: 15px; font-style: normal;
font-variant-ligatures: common-ligatures; font-variant-caps:
normal; font-weight: 400; letter-spacing: normal; orphans:
2; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(34,
37, 41); text-decoration-thickness: initial;
text-decoration-style: initial; text-decoration-color:
initial;">
<div class="p-message_pane_message__compact_timestamp
p-message_pane_message__compact_timestamp--light
p-message_pane_message__compact_timestamp--adjacent"
style="box-sizing: inherit; margin: -4px 0px -4px -20px;
width: 56px; text-align: right; opacity: 1;"><a
class="c-link c-timestamp" data-sk="tooltip_parent"
data-stringify-requires-siblings="true"
data-stringify-text="[1:06 PM]"
data-stringify-type="replace"
data-ts="1633543590.164400" delay="300"
href="https://frrouting.slack.com/archives/C4T714TAQ/p1633543590164400"
style="box-sizing: inherit; color:
rgba(var(--sk_foreground_max_solid,97,96,97),1);
text-decoration: none; font-size: 12px;"
moz-do-not-send="true"><span class="c-timestamp__label"
style="box-sizing: inherit; color:
rgba(var(--sk_foreground_max_solid,97,96,97),1);">1:06</span></a></div>
</div>
<div class="c-message_kit__gutter__right"
data-qa="message_content" role="presentation"
style="box-sizing: inherit; flex: 1 1 0px; min-width: 0px;
padding: 8px 8px 8px 16px; margin: -12px -8px -16px -16px;
color: rgb(209, 210, 211); font-family: Slack-Lato,
appleLogo, sans-serif; font-size: 15px; font-style: normal;
font-variant-ligatures: common-ligatures; font-variant-caps:
normal; font-weight: 400; letter-spacing: normal; orphans:
2; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(34,
37, 41); text-decoration-thickness: initial;
text-decoration-style: initial; text-decoration-color:
initial;">
<div class="c-message_kit__blocks
c-message_kit__blocks--rich_text" style="box-sizing:
inherit; max-width: none; margin-bottom: 4px;">
<div class="c-message__message_blocks
c-message__message_blocks--rich_text" style="box-sizing:
inherit; max-width: none; overflow-wrap: break-word;">
<div class="p-block_kit_renderer"
data-qa="block-kit-renderer" style="box-sizing:
inherit; width: 1022px;">
<div class="p-block_kit_renderer__block_wrapper
p-block_kit_renderer__block_wrapper--first"
style="box-sizing: inherit; display: flex;">
<div class="p-rich_text_block" dir="auto"
style="box-sizing: inherit; counter-reset: list-0
0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0
list-6 0 list-7 0 list-8 0 list-9 0; width:
1022px; user-select: text; text-align: left;
font-size: 15px; line-height: 1.46668;">
<pre class="c-mrkdwn__pre" data-stringify-type="pre" style="box-sizing: inherit; margin: 4px 0px; padding: 8px; --saf-0:rgba(var(--sk_foreground_low,29,28,29),0.13); font-size: 12px; line-height: 1.50001; font-variant-ligatures: none; white-space: pre-wrap; overflow-wrap: break-word; word-break: normal; tab-size: 4; font-family: Monaco, Menlo, Consolas, "Courier New", monospace !important; border: 1px solid var(--saf-0); border-radius: 4px; background: rgba(var(--sk_foreground_min,29,28,29),0.04); counter-reset: list-0 0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0 list-6 0 list-7 0 list-8 0 list-9 0;">130 :~$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
Verify return code: 10 (certificate has expired)
DONE</pre>
<div>
<pre class="c-mrkdwn__pre" data-stringify-type="pre" style="box-sizing: inherit; margin: 4px 0px; padding: 8px; --saf-0:rgba(var(--sk_foreground_low,29,28,29),0.13); font-size: 12px; line-height: 1.50001; font-variant-ligatures: none; white-space: pre-wrap; overflow-wrap: break-word; word-break: normal; tab-size: 4; font-family: Monaco, Menlo, Consolas, "Courier New", monospace !important; border: 1px solid var(--saf-0); border-radius: 4px; background: rgba(var(--sk_foreground_min,29,28,29),0.04); counter-reset: list-0 0 list-1 0 list-2 0 list-3 0 list-4 0 list-5 0 list-6 0 list-7 0 list-8 0 list-9 0; color: rgb(209, 210, 211); font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">[tsantiago@tree01-cs ~]$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = deb.frrouting.org
verify return:1
DONE
Verify return code: 0 (ok)</pre>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div dir="ltr"> </div>
<div dir="ltr">
<div> </div>
<div><font size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
style="font-size: 16px; box-sizing: inherit;"
face="Trebuchet MS">Thanks,</font><br
style="box-sizing: inherit;">
<br style="box-sizing: inherit; font-family:
arial, helvetica, sans-serif;">
<b style="font-size: 16px; box-sizing: inherit;
font-family: arial, helvetica, sans-serif;"><font
style="box-sizing: inherit;" size="4"
face="Trebuchet MS">Trae Santiago</font></b><br
style="box-sizing: inherit; font-family: arial,
helvetica, sans-serif;">
<font style="font-size: 16px; box-sizing:
inherit;" face="Trebuchet MS">Network Engineer</font></font></font></font></font></font></div>
<div style=""><font size="2"
face="Verdana,Arial,Helvetica,sans-serif"><font size="2"
face="Verdana,Arial,Helvetica,sans-serif"><font size="2"
face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
size="2" face="Verdana,Arial,Helvetica,sans-serif"><font
style="box-sizing: inherit;" face="Trebuchet MS">IBM
Cloud</font><br style="box-sizing: inherit;">
<font style="font-size: small; box-sizing:
inherit;" size="2" face="Trebuchet MS">+1 (469)
585 - 9317</font><br style="box-sizing:
inherit;">
<a href="mailto://tsantiago@us.ibm.com/"
style="font-size: 16px; box-sizing: inherit;
text-decoration-line: none; cursor: pointer;
color: black; font-family: arial, helvetica,
sans-serif;" moz-do-not-send="true"><u
style="box-sizing: inherit;"><font
style="box-sizing: inherit;" size="2"
face="Trebuchet MS">tsantiago@us.ibm.com</font></u></a></font></font></font></font></font></div>
</div>
<div dir="ltr"> </div>
<div dir="ltr"> </div>
<blockquote data-history-content-modified="1" dir="ltr"
style="border-left:solid #aaaaaa 2px; margin-left:5px;
padding-left:5px; direction:ltr; margin-right:0px">-----
Original message -----<br>
From: "Jafar Al-Gharaibeh" <a class="moz-txt-link-rfc2396E" href="mailto:jafar@atcorp.com"><jafar@atcorp.com></a><br>
Sent by: "dev"
<a class="moz-txt-link-rfc2396E" href="mailto:dev-bounces+tsantiago=us.ibm.com@lists.frrouting.org"><dev-bounces+tsantiago=us.ibm.com@lists.frrouting.org></a><br>
To: "Eduard Margulescu" <a class="moz-txt-link-rfc2396E" href="mailto:eduard.margulescu@bigstep.com"><eduard.margulescu@bigstep.com></a>,
<a class="moz-txt-link-rfc2396E" href="mailto:dev@lists.frrouting.org">"dev@lists.frrouting.org"</a> <a class="moz-txt-link-rfc2396E" href="mailto:dev@lists.frrouting.org"><dev@lists.frrouting.org></a><br>
Cc:<br>
Subject: [EXTERNAL] Re: [dev] Certificate error
deb.frrouting.org<br>
Date: Wed, Oct 6, 2021 3:07 PM<br>
<br>
<!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<p>Hi,</p>
<p> We use Let's Encrypt certificates, and as far as I can
see, things are good in the deployed certificates.</p>
<p> Issued On Wednesday, September 8, 2021 at 12:52:30
PM<br>
Expires On Tuesday, December 7, 2021 at 11:52:29 AM</p>
<p> It is likely that the ca certificates need updating at
your end:</p>
<p> sudo apt install ca-certificates</p>
<p> you can use the tool update-ca-certificates that comes
with the package above to update your CAs.</p>
<p>Regards,</p>
<p>Jafar</p>
<div>On 10/4/21 4:23 AM, Eduard Margulescu wrote:</div>
<blockquote
cite="mid:PAXP190MB1549F87FECC17CECC66F05CAE6AE9@PAXP190MB1549.EURP190.PROD.OUTLOOK.COM"
type="cite"><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<div>
<p style="margin: 0px;"><span lang="EN-US">Hello team,<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">I want to
install FRR on an Ubuntu 18.04 server and I receive
this error when I try to use this procedure (<a
href="https://deb.frrouting.org/" target="_blank"
moz-do-not-send="true">https://deb.frrouting.org/</a>)
:<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<div style="mso-element:para-border-div;border:solid black
1.0pt;padding:5.0pt 5.0pt 5.0pt
5.0pt;background:#EEEEEE">
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#777799"># add GPG key</span></i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black"><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black">curl -s <a
href="https://deb.frrouting.org/frr/keys.asc"
moz-do-not-send="true" target="_blank">https://deb.frrouting.org/frr/keys.asc</a> |
sudo apt-key add -<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black"><o:p> </o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#777799"># possible values for
FRRVER: </span></i><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#007700">frr-6 frr-7 frr-8
frr-stable</span></i><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#777799"><o:p></o:p></span></i></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#777799"># frr-stable will be
the latest official stable release</span></i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black"><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black">FRRVER="</span><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#007700">frr-stable</span><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black">"<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black">echo deb <a
href="https://deb.frrouting.org/frr"
moz-do-not-send="true" target="_blank">https://deb.frrouting.org/frr</a> $(lsb_release
-s -c) $FRRVER | sudo tee -a
/etc/apt/sources.list.d/frr.list<o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black"><o:p> </o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:#777799"># update and install
FRR</span></i><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black"><o:p></o:p></span></font></div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace"><span
style="font-size:11.0pt;font-family:"Fira
Mono";color:black">sudo apt update &&
sudo apt install frr frr-pythontools<o:p></o:p></span></font></div>
</div>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">root@ukr1:~#
curl -s <a
href="https://deb.frrouting.org/frr/keys.asc"
target="_blank" moz-do-not-send="true">https://deb.frrouting.org/frr/keys.asc</a>
| sudo apt-key add -<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">OK<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">root@ukr1:~#
FRRVER="frr-stable"<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">root@ukr1:~#
echo deb <a href="https://deb.frrouting.org/frr"
target="_blank" moz-do-not-send="true">https://deb.frrouting.org/frr</a>
$(lsb_release -s -c) $FRRVER | sudo tee -a
/etc/apt/sources.list.d/frr.list<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">deb <a
href="https://deb.frrouting.org/frr" target="_blank"
moz-do-not-send="true">https://deb.frrouting.org/frr</a>
bionic frr-stable<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">root@ukr1:~#
sudo apt update && sudo apt install frr
frr-pythontools<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Get:1 <a
href="http://security.ubuntu.com/ubuntu"
target="_blank" moz-do-not-send="true">http://security.ubuntu.com/ubuntu</a>
bionic-security InRelease [88.7 kB]<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Hit:2 <a
href="http://us.archive.ubuntu.com/ubuntu"
target="_blank" moz-do-not-send="true">http://us.archive.ubuntu.com/ubuntu</a>
bionic InRelease<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Ign:3 <a
href="https://deb.frrouting.org/frr" target="_blank"
moz-do-not-send="true">https://deb.frrouting.org/frr</a>
bionic InRelease<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Get:4 <a
href="http://us.archive.ubuntu.com/ubuntu"
target="_blank" moz-do-not-send="true">http://us.archive.ubuntu.com/ubuntu</a>
bionic-updates InRelease [88.7 kB]<o:p></o:p></span></p>
<p style="margin: 0px;"><span
style="background:yellow;mso-highlight:yellow"
lang="EN-US">Err:5 <a
href="https://deb.frrouting.org/frr" target="_blank"
moz-do-not-send="true">https://deb.frrouting.org/frr</a>
bionic Release<o:p></o:p></span></p>
<p style="margin: 0px;"><span
style="background:yellow;mso-highlight:yellow"
lang="EN-US"> Certificate verification failed: The
certificate is NOT trusted. The certificate chain uses
expired certificate. Could not handshake: Error in
the certificate verification. [IP: 194.147.138.41 443]</span><span
lang="EN-US"><o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Get:6 <a
href="http://us.archive.ubuntu.com/ubuntu"
target="_blank" moz-do-not-send="true">http://us.archive.ubuntu.com/ubuntu</a>
bionic-backports InRelease [74.6 kB]<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Reading package
lists... Done<o:p></o:p></span></p>
<p style="margin: 0px;"><span
style="background:yellow;mso-highlight:yellow"
lang="EN-US">E: The repository '<a
href="https://deb.frrouting.org/frr" target="_blank"
moz-do-not-send="true">https://deb.frrouting.org/frr</a>
bionic Release' does not have a Release file.<o:p></o:p></span></p>
<p style="margin: 0px;"><span
style="background:yellow;mso-highlight:yellow"
lang="EN-US">N: Updating from such a repository can't
be done securely, and is therefore disabled by
default.</span><span lang="EN-US"><o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">N: See
apt-secure(8) manpage for repository creation and user
configuration details.<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Is there
something you can fix ?<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US"><o:p> </o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p style="margin: 0px;"><span lang="EN-US">Eduard<o:p></o:p></span></p>
<p style="margin: 0px;"><o:p> </o:p></p>
</div>
<fieldset> </fieldset>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace">_______________________________________________<br>
dev mailing list<br>
<a href="mailto:dev@lists.frrouting.org" target="_blank"
moz-do-not-send="true">dev@lists.frrouting.org</a><br>
<a href="https://lists.frrouting.org/listinfo/dev"
target="_blank" moz-do-not-send="true">https://lists.frrouting.org/listinfo/dev</a></font></div>
</blockquote>
<div id="MIMEAttachInfoDiv" style="display:none"
title="octet-stream|smime.p7s"> </div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace">_______________________________________________<br>
dev mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:dev@lists.frrouting.org">dev@lists.frrouting.org</a><br>
<a href="https://lists.frrouting.org/listinfo/dev"
target="_blank" moz-do-not-send="true">https://lists.frrouting.org/listinfo/dev</a></font></div>
</blockquote>
<div dir="ltr"> </div>
</div>
<br>
<br>
</blockquote>
</body>
</html>