[tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

ben ben at bentasker.co.uk
Tue May 3 07:31:40 UTC 2022


>> Certificate verification failed: The certificate is NOT trusted. The 

>> certificate chain uses expired certificate.  Could not handshake: Error 

>> in the certificate verification. [IP: 95.216.163.36 443] 

>> 

> Maybe renew the key ?



The repo uses a LetsEncrypt certificate. 



Odds are, the OP's system's trust store is quite old and so still has the old root in place - LE's intermediate has multiple signatures and one of the roots expired last year.



Running



    sudo apt-get -y install ca-certificates



Should bring it up to date (assuming there's a relatively modern openssl in use - I think 1.0 will throw an error either way because it still tries to follow both forks in the chain and borks when it sees the expired cert).







-- 
Ben Tasker
https://www.bentasker.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220503/46bd7d3d/attachment.htm>


More information about the tor-relays mailing list