Actually I just now realized that the things are automated on the server. Certbot+nginx renews SSL certificates every 3 months. And currently keyserver uses the latest SSL certificate with automatically set up CA Root certificates. Even if I remove root certificate from the server it will be added again on renewal. Well again, I have latest gpg4win with latest gnupg and cannot connect to ANY keyserver that uses lets encrypt. BUT I can without any issues connect to my keyserver via GPG Suite for Mac OS, simple command line gpg client on my Ubuntu and CentOS servers. May be the issue is indeed bug in dirmngr ? From command line on windows cmd when I try to connect to keyserver the issue is the same.
Pretty weird that I can connect to one keyserver from everywhere except the windows tool... Sorry to bother you... It is just that I am trying to understand the way it may work from the box OR by adding some parameter to GnuPG System menu in Kleopatra configuration... I understand that previously there was some issue with lets encrypt certificates and it was fixed in gnupg 2.2.32 but I was using 2.3.4 version and now tried installing 2.2.32 instead and still no luck. The error is the same 2021-12-30 18:13:16 gpg[17256] DBG: chan_0x00000274 <- ERR 167772261 Certificate expired <Dirmngr> 2021-12-30 18:13:16 gpg[17256] error searching keyserver: Certificate expired 2021-12-30 18:13:16 gpg[17256] keyserver search failed: Certificate expired Oleksandr чт, 30 груд. 2021 р. о 16:44 Alex Nadtoka <alex.nadt...@gmail.com> пише: > Cool thanks. going to test it today > Yesterday tested also with GPG Suite on MacOS - works fine, so only > windows issue I think. > > чт, 30 груд. 2021 р. о 16:31 Werner Koch via Gnupg-users < > gnupg-users@gnupg.org> пише: > >> On Wed, 29 Dec 2021 21:33, Andrew Gallagher said: >> >> > OK, so you definitely need to solve the root certificate issue. >> >> This has been fixed with gnupg 2.2.32 - please get an update. The >> workaround is to delete the old LE certificate from your Root CA store. >> >> >> Salam-Shalom, >> >> Werner >> >> -- >> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users@gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
