Unfortunately, I don't have any backup of the original cert.pem file. So I wonder if I'm correct with this: I will get a new cert.pem if I upgrade the os (current version is 6.3) to 6.4, and then, before merging the new one, I could test similar to what you told me.
==================== I am just now suddenly wondering: - when I upgrade the os, I get a new cert.pem -- correct? - Therefore I have to add again other certificates to the "new" cert.pem. -- correct? - And the old cert.pem is no longer needed so there's no need to "merge" the old cert.pem or any other. -- correct? ===================== So could the merging wrong one have caused the issue? Thank you, TronDD. On 29/10/2018 00:20, TronDD wrote: > > > On October 28, 2018 12:09:02 AM EDT, "연락 연락" <rdansdml....@outlook.com> wrote: >> Thank you indeed for your reply, trondd. >> Yes, I added certificate(s) to cert.pem, probably more than one time so >> far. >> But the size looks not much bigger than normal one that I see from >> another host. >> size of the cert.pem modified(?): 357*** >> size of cert.pem I see from another host where I didn't add anything to >> >> the cert.pem: 349*** >> >> Do you think 357*** is too big? >> How did you solve the issue? >> What can I do if something went wrong when I added certificates or when >> >> upgrading openbsd and adding the certificates again? >> > > Put the original cert.pem back and see if it solves the issue first. > > >> If the router/gateway before the host has been changed so the cert.pem >> of the gateway is not the same of the previous one, can it be also a >> matter? >> >> > > The cert.pem only matters on the machine making the SSL connection. > > >> On 28/10/2018 04:54, trondd wrote: >>> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: >>>> Dear misc, >>>> >>>> I am getting an error saying "ssl verify memory setup failure" >> whenever >>>> I try to renew existing certificates on a host -- Openbsd 6.3, >> httpd, >>>> acme-client. >>>> Recently there were changes in a few configurations, including >> network, >>>> name servers, etc. >>>> >>>> The below is all I get when I try command acme-clilent -vv >> example.com: >>>> >>>> ..domain key >>>> ..account key >>>> ..cert ...days left >>>> ..directory >>>> ..DNS: (some ip) >>>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl >> verify >>>> memory setup failure >>>> ..bad comm >>>> bad exit... >>>> >>>> Could someone let me know what could cause the ssl verify memory >> setup >>>> failure, or if the memory setup failure could be some kind of common >>>> error, such as something occurred by memory configuration, such as >> in >>>> login.conf? >>>> >>>> For your information, those worked before. Recently thinking about >>>> hardware issues, especially for RAM. >>>> Because I can't share detailed configurations, names, etc., I am >>>> wondering if someone could kindly give some advice on the above >>>> information. >>>> >>>> Any help and your time would be greatly appreciated indeed. >>>> >>> >>> Did you modify certs.pem? I've run into this when accidentally >> adding >>> certs multiple times growing the file too big or writing a DOS >> formatted >>> cert to it. >>>
