Zertifikatsproblem

[Sebastiaan Couwenberg]

On 1/14/21 9:13 AM, Jochen Topf wrote:
> When I went to install JOSM, I got a certificate error trying to connect to
> josm.openstreetmap.de. Double checked with this site
> <https://www.ionos.com/tools/ssl-checker> and it looks like something might be
> configured incorrectly.

The intermediate certificate for R3 is missing:

$ openssl s_client -connect josm.openstreetmap.de:443
CONNECTED(00000003)
depth=0 CN = josm.openstreetmap.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify return:1
---
Certificate chain
 0 s:CN = josm.openstreetmap.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
 2 s:O = Digital Signature Trust Co., CN = DST Root CA X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

See also:

 https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de&s=95.216.72.248&hideResults=on&latest

The Let's Encrypt certificate chain from another site:

 0 s:CN = example.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

That uses the fullchain.pem created by certbot for the apache
SSLCertificateFile.

Perhaps the apache configuration or LE client needs to be updated.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1