keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License

Client api endpoint certificate broken #27169

Open MattiJarvinen opened 1 week ago

MattiJarvinen commented 1 week ago

Similar error message for all endpoints.

API_NETWORKERROR: ERROR CODE 1601 - API network error: Post "https://api-0.core.keybaseapi.com//api/1.0/logdump/send.json": x509: certificate signed by unknown authority in method keybase.1.config.logSend

Ping: @chrisnojima to separate this report from spam that fills GitHub issues.

jms1voalte commented 1 week ago

This is by design.

The certificate for api-0.core.keybaseapi.com was issued by a private CA, owned by Keybase. (This is true of other hostnames that the client is meant to connect to, but the public normally does not.) The clients contain a copy of the CA certificate, and use this instead of the usual system-wide list of trusted root certs, so they are able to verify the certificate, but "normal" SSL clients (such as web browsers, curl, or openssl s_client) won't be able to verify it. They do this in order to detect MITM (man-in-the-middle) attacks, including nosy ISPs and corporate monitoring systems.

If you're getting this message from a Keybase client, make sure you're using a current version of the client. The CA certificate that Keybase was using before expired on 2023-12-31; current clients all use a new one.

If you're getting this from some other software that's trying to use the Keybase API directly, you may want to get the CA certificate that the client uses (it's in go/libkb/ca.go in the source) and make your software use that to verify the server's certificate.

Otherwise ... you didn't include any information that might make it easier for people to help you, i.e. which version of the client software you're using, on which platform. Please don't take this the wrong way, but you may want to read through http://www.catb.org/~esr/faqs/smart-questions.html if you haven't done so lately. (I re-read it once or twice a year; sometimes I forget to include details when I ask questions as well.)

Good luck.