> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate invalid: 20=>unable to
> get local issuer certificate
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: NTS-KE req to ntp2.glypnod.com took
> 0.086 sec, fail

I don't know what's wrong.  This is the first time I've seen something like this.
That stuff is buried deep inside libssl.

Are you using a chroot jail?  If so, does it let ntpd see the root certs?

----------

ntp2 is using a certificate by Let's Encrypt.

It works from here:

$ openssl s_client -showcerts -quiet ntp2.glypnod.com:123
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = ntp2.glypnod.com
verify return:1
$

It doesn't say "good", but testing on a self-signed certificate says:
  verify error:num=20:unable to get local issuer certificate
I guess we are supposed to assume it's OK unless there is a nasty message.

-- 
These are my opinions.  I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
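
An added example, not part of the original message and not NTPsec code: one way to check the chroot question raised above, by reporting which trust anchors are readable under a given filesystem root. The helper name trust_store_report is hypothetical, and the default paths are those compiled into the libssl that Python links against, assumed here to be the same libssl ntpd uses.

```python
import os
import re
import ssl

# OpenSSL looks up CApath entries by subject-hash file names such as "4042bcee.0".
HASH_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def trust_store_report(root="/", cafile=None, capath=None):
    """Report which trust anchors are visible under `root` (e.g. a chroot dir).

    Hypothetical helper: cafile/capath default to the paths compiled into the
    libssl that Python is linked against (assumed to match ntpd's).
    """
    defaults = ssl.get_default_verify_paths()
    cafile = cafile or defaults.openssl_cafile
    capath = capath or defaults.openssl_capath
    bundle = os.path.join(root, cafile.lstrip("/"))
    hashdir = os.path.join(root, capath.lstrip("/"))

    cafile_certs = 0
    if os.path.isfile(bundle) and os.access(bundle, os.R_OK):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty store
        try:
            ctx.load_verify_locations(cafile=bundle)
            cafile_certs = ctx.cert_store_stats()["x509"]
        except OSError:  # ssl.SSLError is a subclass: empty or unparsable bundle
            cafile_certs = 0

    # Counted by name only; the entries themselves are not parsed or validated.
    capath_links = 0
    if os.path.isdir(hashdir) and os.access(hashdir, os.R_OK | os.X_OK):
        capath_links = sum(1 for n in os.listdir(hashdir) if HASH_NAME.match(n))

    return {
        "cafile": bundle,
        "capath": hashdir,
        "cafile_certs": cafile_certs,
        "capath_links": capath_links,
        "anchors_visible": cafile_certs > 0 or capath_links > 0,
    }


if __name__ == "__main__":
    # Pass the jail directory instead of "/" to see what a chrooted daemon sees.
    for key, value in trust_store_report("/").items():
        print(f"{key}: {value}")
```

If anchors_visible is False for the jail directory but True for "/", the daemon has no root certificates to build a chain to, which is consistent with the "unable to get local issuer certificate" error in the log.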