cloudflare refers NTS users to wrong page
Hal Murray
hmurray at megapathdsl.net
Fri Dec 13 11:37:27 UTC 2019
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: certificate invalid: 20=>unable to get local issuer certificate
> Dec 13 11:07:18 sp2 ntpd[1582985]: NTSc: NTS-KE req to ntp2.glypnod.com took 0.086 sec, fail
I don't know what's wrong. This is the first time I've seen something like
this. That stuff is buried deep inside libssl.
Are you using a chroot jail? If so, does it let ntpd see the root certs?
----------
ntp2 is using a certificate by Let's Encrypt.
It works from here:
$ openssl s_client -showcerts -quiet ntp2.glypnod.com:123
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = ntp2.glypnod.com
verify return:1
$
It doesn't say "good", but testing on a self-signed certificate says:
verify error:num=20:unable to get local issuer certificate
I guess we are supposed to assume it's OK unless there is a nasty message.
--
These are my opinions. I hate spam.
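
Added example, not part of the original message and not ntpd code: one way to follow up on the chroot question above is to check which trust-store entries a process confined to a given directory could actually open, including symlinks with absolute targets that dangle once the root changes. The function names are hypothetical, and it assumes ntpd's libssl uses the same compiled-in default paths as the libssl behind the Python running the check.

```python
import os
import ssl
import sys

def resolve_in_jail(jail_root, path, max_hops=16):
    """Map a jail-absolute path to a host path, following symlinks on the
    final component the way a process chrooted to jail_root would.
    Returns None if the path does not exist inside the jail."""
    for _ in range(max_hops):
        host = os.path.join(jail_root, path.lstrip("/"))
        if not os.path.islink(host):
            return host if os.path.exists(host) else None
        target = os.readlink(host)
        if not os.path.isabs(target):
            target = os.path.join(os.path.dirname(path), target)
        path = os.path.normpath(target)  # absolute targets restart at the jail root
    return None  # symlink loop

def trust_store_report(jail_root, cafile, capath):
    """List which trust-store entries are readable files inside the jail."""
    candidates = [cafile] if cafile else []
    capath_host = os.path.join(jail_root, capath.lstrip("/")) if capath else None
    if capath_host and os.path.isdir(capath_host):
        candidates += [os.path.join(capath, n) for n in sorted(os.listdir(capath_host))]
    usable, missing = [], []
    for entry in candidates:
        host = resolve_in_jail(jail_root, entry)
        if host and os.path.isfile(host) and os.path.getsize(host) > 0:
            usable.append(entry)
        else:
            missing.append(entry)
    return {"usable": usable, "missing_or_dangling": missing}

if __name__ == "__main__":
    # Assumption: ntpd's libssl uses the same compiled-in defaults as the
    # libssl behind this Python; pass the jail directory as the first argument.
    defaults = ssl.get_default_verify_paths()
    jail = sys.argv[1] if len(sys.argv) > 1 else "/"
    report = trust_store_report(jail, defaults.openssl_cafile, defaults.openssl_capath)
    print(f"usable entries: {len(report['usable'])}")
    for entry in report["missing_or_dangling"]:
        print(f"not visible in jail: {entry}")
```

An empty "usable" list for the jail directory would be consistent with the "unable to get local issuer certificate" result in the quoted log, since the issuer lookup has nothing to search.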