Udo van den Heuvel via devel writes: > Ah, thanks, then I find: > > NTSc: certificate invalid: 10=>certificate has expired
How about you post the log for the whole key exchange and not always just a single line and the another one in the next mail? Here's what that looks like here: 2020-02-23T07:38:09 ntpd[1882]: NTSc: DNS lookup of pi3.rellim.com took 0.002 sec 2020-02-23T07:38:09 ntpd[1882]: NTSc: nts_probe connecting to pi3.rellim.com:123 => 204.17.205.23:123 2020-02-23T07:38:09 ntpd[1882]: NTSc: set cert host: pi3.rellim.com 2020-02-23T07:38:09 ntpd[1882]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256) 2020-02-23T07:38:09 ntpd[1882]: NTSc: certificate subject name: /CN=pi3.rellim.com 2020-02-23T07:38:09 ntpd[1882]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2020-02-23T07:38:09 ntpd[1882]: NTSc: certificate is valid. 2020-02-23T07:38:09 ntpd[1882]: NTSc: Good ALPN ntske/1 (7) from pi3.rellim.com 2020-02-23T07:38:09 ntpd[1882]: NTSc: read 880 bytes 2020-02-23T07:38:09 ntpd[1882]: NTSc: Got 8 cookies, length 104, aead=15. 2020-02-23T07:38:09 ntpd[1882]: NTSc: NTS-KE req to pi3.rellim.com took 0.752 sec, OK > is that a local expiration or a remote one? It's always the expiration of the certificate from the remote end, potentially followed through the cert chain. However, it is extremely unlikely that any of the intermediate certs has expired, that would instantly kill every cert signed by that CA. Unless you've set up your own CA, you don't have a local cert for anything anyway. Based on you past failure reports I'd suggest that something's amiss with the setup of your chroot environment again. Either that or your clock is way off into the future. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
