On 1/14/21 9:13 AM, Jochen Topf wrote:
> When I went to install JOSM, I got a certificate error trying to connect to
> josm.openstreetmap.de. Double checked with this site
> <
https://www.ionos.com/tools/ssl-checker> and it looks like something might be
> configured incorrectly.
The intermediate certificate for R3 is missing:
$ openssl s_client -connect josm.openstreetmap.de:443
CONNECTED(00000003)
depth=0 CN = josm.openstreetmap.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify return:1
---
Certificate chain
0 s:CN = josm.openstreetmap.de
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
2 s:O = Digital Signature Trust Co., CN = DST Root CA X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
See also:
https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de&s=95.216.72.248&hideResults=on&latestThe Let's Encrypt certificate chain from another site:
0 s:CN = example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
That uses the fullchain.pem created by certbot for the apache
SSLCertificateFile.
Perhaps the apache configuration or LE client needs to be updated.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1