Test fail
Hal Murray
halmurray at sonic.net
Sun Oct 19 18:46:48 UTC 2025
>> The client side does lots of logging.
>> Is there anything interesting in your logs?
> NTSc: certificate invalid: 20=>unable to get local issuer certificate
That says it can't find the root certificate for ntp1.glypnod.com
Everything else looks good.
ntp1 and ntp2 are also in ntp.glypnod.com. That's a slightly more
complicated case which might be confusing LibreSSL.
Try ntp4.glypnod.com
ntp1.glypnod.com is using Let's Encrypt. The root cert should be in your
root cert collection. So maybe LibreSSL isn't looking in the right place.
You can also try something like:
server ntp1.glypnod.com nts ca /etc/.../ISRG_Root_X1.pem
You will have to poke around on your system to find the right file.
That's probably the right file name so a simple locate might find it for
you. On my system (Fedora) it's in
/etc/pki/ca-trust/extracted/pem/directory-hash/ISRG_Root_X1.pem
--
These are my opinions. I hate spam.
More information about the devel
mailing list