Closed uniquenepalhumepipe closed 2 years ago
It's hard to do remote debugging with just this few information. However since you mentioned openssl verify
, I guess that your openssl is validating against the DST Root CA X3
certificate, which has actually expired in September 2021, so formally the certificate chain is invalid.
You can download the ISRG Root X1
certificate, and then use this one as root certificate for validation:
openssl verify -CAfile <(cat lets-encrypt-r3.pem isrgrootx1.pem) cert.pem
cert.pem: OK
cert.pem
is the certificate chain stored by blynk. lets-encrypt-r3.pem
is the intermediate certificate, which is the second certificate in the cert.pem
chain, but can also be downloaded from the page linked above.
Maybe this link is helpful as well: https://community.letsencrypt.org/t/rhel-centos-6-openssl-client-compatibility-after-dst-root-ca-x3-expiration/161032
Thanks for the help :). OpenSSL was the issue. Thank You
I have issued a certificate from Acme4j but I if i try to verify it with openssl verify. It gave me unable to get local issuer certificate error. I am using the implementation of Acme4j from blynk-server https://github.com/blynkkk/blynk-server/blob/master/server/acme/src/main/java/cc/blynk/server/acme/AcmeClient.java https://github.com/blynkkk/blynk-server/blob/master/server/launcher/src/main/java/cc/blynk/server/workers/CertificateRenewalWorker.java