[dev] Certificate error deb.frrouting.org

Jafar Al-Gharaibeh jafar at atcorp.com
Wed Oct 6 20:50:59 UTC 2021


I'd try the ca update  method I described in my previous email before 
coming to any conclusions.

Regards,

Jafar


On 10/6/21 3:31 PM, Trae E Santiago wrote:
> The FRR slack has details that say otherwise, though I don't know if
> it has been fixed since I tested. It looks like one of the certs is
> /not/ changed, but I believe they're fixing it now in Slack:
>  
> 1:06 <https://frrouting.slack.com/archives/C4T714TAQ/p1633543590164400>
> 130 :~$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify error:num=10:certificate has expired
> notAfter=Sep 30 14:01:15 2021 GMT
> verify return:0
>     Verify return code: 10 (certificate has expired)
> DONE
> [tsantiago at tree01-cs ~]$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R3
> verify return:1
> depth=0 CN = deb.frrouting.org
> verify return:1
> DONE
>     Verify return code: 0 (ok)
>  
>  
> Thanks,
>
> *Trae Santiago*
> Network Engineer
> IBM Cloud
> +1 (469) 585 - 9317
> _tsantiago at us.ibm.com_ <mailto://tsantiago@us.ibm.com/>
>  
>  
>
>     ----- Original message -----
>     From: "Jafar Al-Gharaibeh" <jafar at atcorp.com>
>     Sent by: "dev" <dev-bounces+tsantiago=us.ibm.com at lists.frrouting.org>
>     To: "Eduard Margulescu" <eduard.margulescu at bigstep.com>,
>     "dev at lists.frrouting.org" <dev at lists.frrouting.org>
>     Cc:
>     Subject: [EXTERNAL] Re: [dev] Certificate error deb.frrouting.org
>     Date: Wed, Oct 6, 2021 3:07 PM
>      
>
>     Hi,
>
>        We use Let's Encrypt certificates, and as far as I can see,
>     things are good in the deployed certificates.
>
>           Issued On    Wednesday, September 8, 2021 at 12:52:30 PM
>           Expires On    Tuesday, December 7, 2021 at 11:52:29 AM
>
>        It is likely that  the ca certificates need updating at your end:
>
>        sudo apt install ca-certificates
>
>       you can use the tool update-ca-certificates that comes with the
>     package above to update your CAs.
>
>     Regards,
>
>     Jafar
>
>     On 10/4/21 4:23 AM, Eduard Margulescu wrote:
>>
>>     Hello team,
>>
>>      
>>
>>     I want to install FRR on an Ubuntu 18.04 server and I receive
>>     this error when I try to use this procedure
>>     (https://deb.frrouting.org/ <https://deb.frrouting.org/>) :
>>
>>      
>>
>>     /# add GPG key/
>>     curl -s https://deb.frrouting.org/frr/keys.asc
>>     <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add -
>>      
>>     /# possible values for FRRVER: //frr-6 frr-7 frr-8 frr-stable///
>>     /# frr-stable will be the latest official stable release/
>>     FRRVER="frr-stable"
>>     echo deb https://deb.frrouting.org/frr
>>     <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER |
>>     sudo tee -a /etc/apt/sources.list.d/frr.list
>>      
>>     /# update and install FRR/
>>     sudo apt update && sudo apt install frr frr-pythontools
>>
>>      
>>
>>      
>>
>>     root at ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc
>>     <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add -
>>
>>     OK
>>
>>     root at ukr1:~# FRRVER="frr-stable"
>>
>>     root at ukr1:~# echo deb https://deb.frrouting.org/frr
>>     <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER |
>>     sudo tee -a /etc/apt/sources.list.d/frr.list
>>
>>     deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr>
>>     bionic frr-stable
>>
>>     root at ukr1:~# sudo apt update && sudo apt install frr frr-pythontools
>>
>>     Get:1 http://security.ubuntu.com/ubuntu
>>     <http://security.ubuntu.com/ubuntu> bionic-security InRelease
>>     [88.7 kB]
>>
>>     Hit:2 http://us.archive.ubuntu.com/ubuntu
>>     <http://us.archive.ubuntu.com/ubuntu> bionic InRelease
>>
>>     Ign:3 https://deb.frrouting.org/frr
>>     <https://deb.frrouting.org/frr> bionic InRelease
>>
>>     Get:4 http://us.archive.ubuntu.com/ubuntu
>>     <http://us.archive.ubuntu.com/ubuntu> bionic-updates InRelease
>>     [88.7 kB]
>>
>>     Err:5 https://deb.frrouting.org/frr
>>     <https://deb.frrouting.org/frr> bionic Release
>>
>>       Certificate verification failed: The certificate is NOT
>>     trusted. The certificate chain uses expired certificate.  Could
>>     not handshake: Error in the certificate verification. [IP:
>>     194.147.138.41 443]
>>
>>     Get:6 http://us.archive.ubuntu.com/ubuntu
>>     <http://us.archive.ubuntu.com/ubuntu> bionic-backports InRelease
>>     [74.6 kB]
>>
>>     Reading package lists... Done
>>
>>     E: The repository 'https://deb.frrouting.org/frr
>>     <https://deb.frrouting.org/frr> bionic Release' does not have a
>>     Release file.
>>
>>     N: Updating from such a repository can't be done securely, and is
>>     therefore disabled by default.
>>
>>     N: See apt-secure(8) manpage for repository creation and user
>>     configuration details.
>>
>>      
>>
>>     Is there something you can fix ?
>>
>>      
>>
>>     Thanks,
>>
>>     Eduard
>>
>>      
>>
>>      
>>      
>>
>>     _______________________________________________
>>     dev mailing list
>>     dev at lists.frrouting.org <mailto:dev at lists.frrouting.org>
>>     https://lists.frrouting.org/listinfo/dev
>>     <https://lists.frrouting.org/listinfo/dev>
>      
>     _______________________________________________
>     dev mailing list
>     dev at lists.frrouting.org
>     https://lists.frrouting.org/listinfo/dev
>     <https://lists.frrouting.org/listinfo/dev>
>
>  
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/dev/attachments/20211006/b09a2005/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4885 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.frrouting.org/pipermail/dev/attachments/20211006/b09a2005/attachment-0001.bin>


More information about the dev mailing list