Hello everyone.
I can't seem to find a way to use a Let's Encrypt certificate with rsyslog.
I've attached samples of my configuration for client and server and the
logs that I get.
I'm not sure which CA file I should use.
I've grabbed the root and the intermediate certificates from
https://letsencrypt.org/certificates/
Do you have any idea what I am doing wrong?
Best regards
Server configuration:
$MaxMessageSize 2k
$PreserveFQDN off
$ModLoad imuxsock
$ModLoad imklog
$DefaultNetstreamDriver ossl # gtls
#$DefaultNetstreamDriverCAFile /etc/letsencrypt/ca/isrgrootx1.pem
$DefaultNetstreamDriverCAFile /etc/letsencrypt/ca/letsencryptauthorityx3.pem
#$DefaultNetstreamDriverCAFile /etc/letsencrypt/live/status/chain.pem
#$DefaultNetstreamDriverCertFile /etc/letsencrypt/live/status/fullchain.pem
$DefaultNetstreamDriverCertFile /etc/letsencrypt/live/status/cert.pem
$DefaultNetstreamDriverKeyFile /etc/letsencrypt/live/status/privkey.pem
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerRun 124
# Provide TCP log reception
$InputTCPServerStreamDriverPermittedPeer ["lumy.me","*.lumy.me","www.lumy.me"]
Server log:
rsyslogd: SSL_ERROR_SSL Error in 'osslRecordRecv':
'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
rsyslogd: OpenSSL Error Stack: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca [v8.2010.0]
rsyslogd: netstream session 0x7f2f38005070 from 163.172.191.8 will be closed
due to error [v8.2010.0]
rsyslogd: SSL_ERROR_SSL Error in 'osslRecordRecv':
'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
rsyslogd: OpenSSL Error Stack: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca [v8.2010.0]
rsyslogd: netstream session 0x7f2f38005070 from 163.172.191.8 will be closed
due to error [v8.2010.0]
rsyslogd: SSL_ERROR_SSL Error in 'osslRecordRecv':
'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
rsyslogd: OpenSSL Error Stack: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca [v8.2010.0]
rsyslogd: netstream session 0x7f2f38005070 from 163.172.191.8 will be closed
due to error [v8.2010.0]
rsyslogd: SSL_ERROR_SSL Error in 'osslHandshakeCheck Server':
'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
rsyslogd: OpenSSL Error Stack: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca [v8.2010.0]
rsyslogd: netstream session 0x7f2f38005db0 from 163.172.191.8 will be closed
due to error [v8.2010.0 try https://www.rsyslog.com/e/2089 ]
Client log:
Nov 12 13:47:09 www rsyslogd: [origin software="rsyslogd" swVersion="8.2010.0"
x-pid="9759" x-info="https://www.rsyslog.com"] start
Nov 12 13:47:09 www rsyslogd: nsd_ossl:TLS Connection initiated with remote
syslog server. [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: Certificate error at depth: 1 issuer =
/C=US/O=Internet Security Research Group/CN=ISRG Root X1 subject =
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 err 2:unable to get issuer
certificate [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: SSL_ERROR_SSL Error in 'osslHandshakeCheck
Client': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: OpenSSL Error Stack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: action 'action-1-builtin:omfwd' suspended (module
'builtin:omfwd'), retry 0. There should be messages before this one giving the
reason for suspension. [v8.2010.0 try https://www.rsyslog.com/e/2007 ]
Nov 12 13:47:09 www rsyslogd: nsd_ossl:TLS Connection initiated with remote
syslog server. [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: Certificate error at depth: 1 issuer =
/C=US/O=Internet Security Research Group/CN=ISRG Root X1 subject =
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 err 2:unable to get issuer
certificate [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: SSL_ERROR_SSL Error in 'osslHandshakeCheck
Client': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: OpenSSL Error Stack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: action 'action-1-builtin:omfwd' suspended (module
'builtin:omfwd'), next retry is Thu Nov 12 13:47:39 2020, retry nbr 0. There
should be messages before this one giving the reason for suspension. [v8.2010.0
try https://www.rsyslog.com/e/2007 ]
Nov 12 13:47:09 www rsyslogd: nsd_ossl:TLS Connection initiated with remote
syslog server. [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: Certificate error at depth: 1 issuer =
/C=US/O=Internet Security Research Group/CN=ISRG Root X1 subject =
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 err 2:unable to get issuer
certificate [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: SSL_ERROR_SSL Error in 'osslHandshakeCheck
Client': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: OpenSSL Error Stack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: action 'action-1-builtin:omfwd' suspended (module
'builtin:omfwd'), retry 1. There should be messages before this one giving the
reason for suspension. [v8.2010.0 try https://www.rsyslog.com/e/2007 ]
Nov 12 13:47:09 www rsyslogd: nsd_ossl:TLS Connection initiated with remote
syslog server. [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: Certificate error at depth: 1 issuer =
/C=US/O=Internet Security Research Group/CN=ISRG Root X1 subject =
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 err 2:unable to get issuer
certificate [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: SSL_ERROR_SSL Error in 'osslHandshakeCheck
Client': 'error:00000001:lib(0):func(0):reason(1)(1)' with ret=-1 [v8.2010.0]
Nov 12 13:47:09 www rsyslogd: OpenSSL Error Stack: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed [v8.2010.0]
Client configuration:
$DefaultNetstreamDriver ossl # gtls
#$DefaultNetstreamDriverCAFile /etc/ssl/ca/isrgrootx1.pem
$DefaultNetstreamDriverCAFile /etc/ssl/ca/letsencryptauthorityx3.pem
#$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/chain.pem
#$DefaultNetstreamDriverCAFile /etc/letsencrypt/live/www/chain.pem
#$DefaultNetstreamDriverCertFile /etc/letsencrypt/live/www/fullchain.pem
$DefaultNetstreamDriverCertFile /etc/letsencrypt/live/www/cert.pem
$DefaultNetstreamDriverKeyFile /etc/letsencrypt/live/www/privkey.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer ["status.lumy.me","lumy.me","*.lumy.me"]
*.* @@status.lumy.me:124
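Added example, not part of the post: the script below builds a constructed three-tier demo PKI (demo names, standing in for ISRG Root X1, Let's Encrypt Authority X3 and the host certificate) and runs `openssl verify` in the trust-store and chain combinations the posted configs and logs imply. It assumes only that the `openssl` command-line tool is installed; with the intermediate as the sole CA file it reproduces the "error 2 at depth 1: unable to get issuer certificate" seen in the client log, and it shows that the root as CA file works only when the peer presents fullchain.pem rather than cert.pem.

```shell
#!/bin/sh
# Added example: reproduce "err 2: unable to get issuer certificate" with a
# constructed demo PKI (root -> intermediate -> leaf). Names are made up.
set -e
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

mk_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$W/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:status.example.test\n' >"$W/leaf.ext"
  for n in root int leaf; do   # one key and CSR per tier (demo subjects, not real CAs)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$W/$n.key" -out "$W/$n.csr" \
      -subj "/CN=Demo $n" 2>/dev/null
  done
  openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -extfile "$W/ca.ext" \
    -days 2 -out "$W/root.pem" 2>/dev/null
  openssl x509 -req -in "$W/int.csr" -CA "$W/root.pem" -CAkey "$W/root.key" \
    -CAcreateserial -extfile "$W/ca.ext" -days 2 -out "$W/int.pem" 2>/dev/null
  openssl x509 -req -in "$W/leaf.csr" -CA "$W/int.pem" -CAkey "$W/int.key" \
    -CAcreateserial -extfile "$W/leaf.ext" -days 2 -out "$W/leaf.pem" 2>/dev/null
  cat "$W/leaf.pem" "$W/int.pem" >"$W/fullchain.pem"  # same layout as certbot's fullchain.pem
}

# Trust store = intermediate only (the posted CAFile): OpenSSL reaches the
# intermediate, cannot find its issuer in the store, and reports error 2 at depth 1.
verify_trust_intermediate_only() { openssl verify -CAfile "$W/int.pem" "$W/leaf.pem" 2>&1; }
# Trust store = root, peer presents cert.pem (leaf alone): no path up to the root,
# error 20 at depth 0.
verify_trust_root_leaf_only() { openssl verify -CAfile "$W/root.pem" "$W/leaf.pem" 2>&1; }
# Trust store = root, peer presents fullchain.pem (leaf + intermediate): OK.
verify_trust_root_fullchain() {
  openssl verify -CAfile "$W/root.pem" -untrusted "$W/fullchain.pem" "$W/leaf.pem" 2>&1
}
# An intermediate-only trust store is accepted only when the verifier opts in to
# partial chains; OpenSSL's default verify parameters do not.
verify_partial_chain() { openssl verify -partial_chain -CAfile "$W/int.pem" "$W/leaf.pem" 2>&1; }

mk_demo_pki
for f in verify_trust_intermediate_only verify_trust_root_leaf_only \
         verify_trust_root_fullchain verify_partial_chain; do
  echo "== $f"; "$f" || true
done
```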
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog