On 29/07/2021 08:41, Rainer Fiebig via Gnupg-users wrote:
> On 28.07.21 at 21:38, Ingo Klöcker wrote:
> On Wednesday, 28 July 2021 18:38:07 CEST Rainer Fiebig via Gnupg-users wrote:
>
> Does 'gpg --keyserver hkps://pgpkeys.eu --search-keys ...' work for you?
>
> No, same output as reported initially.
>
> The common problem is the LetsEncrypt R3 certificate.
>
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> * subject: CN=keys.openpgp.org
> * start date: Jul 26 04:32:08 2021 GMT
> * expire date: Oct 24 04:32:06 2021 GMT
> * subjectAltName: host "keys.openpgp.org" matched cert's "keys.openpgp.org"
> * issuer: C=US; O=Let's Encrypt; CN=R3
> * SSL certificate verify ok.
> ...
>
> Looks OK to me. The Let's Encrypt certificate is recognized and verified. Or what do you think?

I think it looks like dirmngr isn't using the same set of CAs that curl is using.
The missing root certificate is:

```
2021-07-28 16:06:50 dirmngr[4135.6] issuer certificate: #/CN=DST Root CA X3,O=Digital Signature Trust Co.
```

Can you confirm that /etc/ssl/certs/DST_Root_CA_X3.pem exists on your machine and has the following checksum?

```
andrewg@whippet:~$ sha256sum /etc/ssl/certs/DST_Root_CA_X3.pem
139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99  /etc/ssl/certs/DST_Root_CA_X3.pem
```

Also, is your system clock correct? (long shot, but always worth asking when debugging TLS cert issues)

-- Andrew Gallagher
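
The two local checks asked for above (the trust-store file is present with the quoted checksum, and its expiry as judged by the system clock), as an added example that is not part of the original message. The function names are hypothetical, and `sha256sum` and `openssl` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original message. The path and checksum are the
# ones quoted above; the function names are hypothetical.
CA_FILE=/etc/ssl/certs/DST_Root_CA_X3.pem
CA_SHA256=139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99

# check_ca_file FILE EXPECTED_SHA256
# Returns 0 if FILE is readable and matches, 1 if it is missing or unreadable
# (a dangling symlink in /etc/ssl/certs counts as missing), 2 on a mismatch.
check_ca_file() {
    file=$1 expected=$2
    [ -r "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 2
    return 0
}

# check_not_expired FILE
# Returns 0 if the certificate's notAfter is still in the future according to
# the local clock, 1 if it has passed or the file cannot be parsed, 3 if
# openssl is not installed.
check_not_expired() {
    command -v openssl >/dev/null 2>&1 || return 3
    openssl x509 -checkend 0 -noout -in "$1" >/dev/null 2>&1
}

# report FILE EXPECTED_SHA256: print one line per finding; always returns 0.
report() {
    rc=0; check_ca_file "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 matches the expected checksum" ;;
        1) echo "MISSING: $1 is absent or unreadable"; return 0 ;;
        2) echo "MISMATCH: $1 differs from the expected checksum" ;;
    esac
    rc=0; check_not_expired "$1" || rc=$?
    case $rc in
        0) echo "OK: not expired at $(date -u '+%Y-%m-%d %H:%M:%S') UTC" ;;
        1) echo "EXPIRED or unparsable, local clock reads $(date -u)" ;;
        3) echo "SKIPPED: openssl not found, expiry not checked" ;;
    esac
}

report "$CA_FILE" "$CA_SHA256"
```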