Closed m-hume closed 10 months ago
Did save my day, THANKS!
I had to downgrade a few ER-X from 2.0.9 to 1.10.11 because of stability issues, the above fix will still work. Also adding a system-wide fix from https://community.ui.com/questions/Fix-Solution-Lets-Encrypt-DST-Root-CA-X3-Expiration-Problems-with-IDS-IPS-Signature-Updates-HTTPS-E/0404a626-1a77-4d6c-9b4c-17ea3dea641d?page=1
sudo -i
sed -i 's|^mozilla\/DST_Root_CA_X3\.crt|!mozilla/DST_Root_CA_X3.crt|' /etc/ca-certificates.conf
curl -sk https://letsencrypt.org/certs/isrgrootx1.pem -o /usr/local/share/ca-certificates/ISRG_Root_X1.crt
update-ca-certificates --fresh
@j-c-m should probably add those steps into the installation instructions, at least for EdgeOS 1.x.
0b6acca now incorporates the cacert bundle update in the install/update script!
I currently run EdgeRouter ER-X/ER-X-SFP/EP-R6: Firmware v1.10.10 on several devices Recently the following error is given (with
--debug 3
)SSL certificate problem: unable to get local issuer certificate
curl
is using an out of datecacert.pem
for SSL communicationsHope this saves someone some time mh