[dev] Certificate error deb.frrouting.org
Jafar Al-Gharaibeh
jafar at atcorp.com
Wed Oct 6 20:50:59 UTC 2021
I'd try the ca update method I described in my previous email before
coming to any conclusions.
Regards,
Jafar
On 10/6/21 3:31 PM, Trae E Santiago wrote:
> The FRR slack has details that say otherwise, though I don't know if
> it has been fixed since I tested. It looks like one of the certs is
> /not/ changed, but I believe they're fixing it now in Slack:
>
> 1:06 <https://frrouting.slack.com/archives/C4T714TAQ/p1633543590164400>
> 130 :~$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify error:num=10:certificate has expired
> notAfter=Sep 30 14:01:15 2021 GMT
> verify return:0
> Verify return code: 10 (certificate has expired)
> DONE
> [tsantiago at tree01-cs ~]$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R3
> verify return:1
> depth=0 CN = deb.frrouting.org
> verify return:1
> DONE
> Verify return code: 0 (ok)
>
>
> Thanks,
>
> *Trae Santiago*
> Network Engineer
> IBM Cloud
> +1 (469) 585 - 9317
> _tsantiago at us.ibm.com_ <mailto://tsantiago@us.ibm.com/>
>
>
>
> ----- Original message -----
> From: "Jafar Al-Gharaibeh" <jafar at atcorp.com>
> Sent by: "dev" <dev-bounces+tsantiago=us.ibm.com at lists.frrouting.org>
> To: "Eduard Margulescu" <eduard.margulescu at bigstep.com>,
> "dev at lists.frrouting.org" <dev at lists.frrouting.org>
> Cc:
> Subject: [EXTERNAL] Re: [dev] Certificate error deb.frrouting.org
> Date: Wed, Oct 6, 2021 3:07 PM
>
>
> Hi,
>
> We use Let's Encrypt certificates, and as far as I can see,
> things are good in the deployed certificates.
>
> Issued On Wednesday, September 8, 2021 at 12:52:30 PM
> Expires On Tuesday, December 7, 2021 at 11:52:29 AM
>
> It is likely that the ca certificates need updating at your end:
>
> sudo apt install ca-certificates
>
> you can use the tool update-ca-certificates that comes with the
> package above to update your CAs.
>
> Regards,
>
> Jafar
>
> On 10/4/21 4:23 AM, Eduard Margulescu wrote:
>>
>> Hello team,
>>
>>
>>
>> I want to install FRR on an Ubuntu 18.04 server and I receive
>> this error when I try to use this procedure
>> (https://deb.frrouting.org/ <https://deb.frrouting.org/>) :
>>
>>
>>
>> /# add GPG key/
>> curl -s https://deb.frrouting.org/frr/keys.asc
>> <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add -
>>
>> /# possible values for FRRVER: //frr-6 frr-7 frr-8 frr-stable///
>> /# frr-stable will be the latest official stable release/
>> FRRVER="frr-stable"
>> echo deb https://deb.frrouting.org/frr
>> <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER |
>> sudo tee -a /etc/apt/sources.list.d/frr.list
>>
>> /# update and install FRR/
>> sudo apt update && sudo apt install frr frr-pythontools
>>
>>
>>
>>
>>
>> root at ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc
>> <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add -
>>
>> OK
>>
>> root at ukr1:~# FRRVER="frr-stable"
>>
>> root at ukr1:~# echo deb https://deb.frrouting.org/frr
>> <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER |
>> sudo tee -a /etc/apt/sources.list.d/frr.list
>>
>> deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr>
>> bionic frr-stable
>>
>> root at ukr1:~# sudo apt update && sudo apt install frr frr-pythontools
>>
>> Get:1 http://security.ubuntu.com/ubuntu
>> <http://security.ubuntu.com/ubuntu> bionic-security InRelease
>> [88.7 kB]
>>
>> Hit:2 http://us.archive.ubuntu.com/ubuntu
>> <http://us.archive.ubuntu.com/ubuntu> bionic InRelease
>>
>> Ign:3 https://deb.frrouting.org/frr
>> <https://deb.frrouting.org/frr> bionic InRelease
>>
>> Get:4 http://us.archive.ubuntu.com/ubuntu
>> <http://us.archive.ubuntu.com/ubuntu> bionic-updates InRelease
>> [88.7 kB]
>>
>> Err:5 https://deb.frrouting.org/frr
>> <https://deb.frrouting.org/frr> bionic Release
>>
>> Certificate verification failed: The certificate is NOT
>> trusted. The certificate chain uses expired certificate. Could
>> not handshake: Error in the certificate verification. [IP:
>> 194.147.138.41 443]
>>
>> Get:6 http://us.archive.ubuntu.com/ubuntu
>> <http://us.archive.ubuntu.com/ubuntu> bionic-backports InRelease
>> [74.6 kB]
>>
>> Reading package lists... Done
>>
>> E: The repository 'https://deb.frrouting.org/frr
>> <https://deb.frrouting.org/frr> bionic Release' does not have a
>> Release file.
>>
>> N: Updating from such a repository can't be done securely, and is
>> therefore disabled by default.
>>
>> N: See apt-secure(8) manpage for repository creation and user
>> configuration details.
>>
>>
>>
>> Is there something you can fix ?
>>
>>
>>
>> Thanks,
>>
>> Eduard
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev at lists.frrouting.org <mailto:dev at lists.frrouting.org>
>> https://lists.frrouting.org/listinfo/dev
>> <https://lists.frrouting.org/listinfo/dev>
>
> _______________________________________________
> dev mailing list
> dev at lists.frrouting.org
> https://lists.frrouting.org/listinfo/dev
> <https://lists.frrouting.org/listinfo/dev>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/dev/attachments/20211006/b09a2005/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4885 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.frrouting.org/pipermail/dev/attachments/20211006/b09a2005/attachment-0001.bin>
More information about the dev
mailing list