webadmin-list

[webmin-l] Just a quick heads up...

[<eri...@tr...>]

Just a heads up.
Looks like the full chain isn’t in https://download.webmin.com/

>From Qualys:
1
Sent by server 
download.webmin.com 
Fingerprint SHA256:
b0cb5e8862cb4a3c69c9554567526a034e789295dce0ace02b7e83d9c315d56b
Pin SHA256: LF+viNntupChFQJF+AI05v1WeZ8DVhno5nlKJzwUONw= 
RSA 2048 bits (e 65537) / SHA256withRSA 
2
Extra download 
R3 
Fingerprint SHA256:
730c1bdcd85f57ce5dc0bba733e5f1ba5a925b2a771d640a26f7a454224dad3b
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0= 
RSA 2048 bits (e 65537) / SHA256withRSA 
3
In trust store 
DST Root CA X3   Self-signed 
Fingerprint SHA256:
0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= 
RSA 2048 bits (e 65537) / SHA1withRSA 
Weak or insecure signature, but no impact on root certificate

This is causing an error on Ubuntu 20.04 Focal apt updates.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Re: [webmin-l] Just a quick heads up...

[Joaquim H. <jo...@we...>]

It's causing errors on Ubuntu 18.04.LTS too now:

Err:14 https://download.webmin.com/download/repository sarge Release
   Certificate verification failed: The certificate is NOT trusted. The 
certificate issuer is unknown.  Could not handshake: Error in the 
certificate verification. [IP: 108.60.199.109 443]
Reading package lists... Done
E: The repository 'https://download.webmin.com/download/repository sarge 
Release' no longer has a Release file.


On 2020-12-08 17:43, eri...@tr... wrote:
> Just a heads up.
> Looks like the full chain isn’t in https://download.webmin.com/

Re: [webmin-l] Just a quick heads up...

[Jamie C. <jca...@we...>]

Are you still seeing this? I just updated the cert on the site to use
the latest Let's Encrypt CA cert.

On the other hand, I heard that some clients don't support the new 
CA cert!

On 08/Dec/2020 14:08 Joaquim Homrighausen <jo...@we...> wrote ..
> 
> It's causing errors on Ubuntu 18.04.LTS too now:
> 
> Err:14 https://download.webmin.com/download/repository sarge Release
>    Certificate verification failed: The certificate is NOT trusted. The 
> certificate issuer is unknown.  Could not handshake: Error in the 
> certificate verification. [IP: 108.60.199.109 443]
> Reading package lists... Done
> E: The repository 'https://download.webmin.com/download/repository sarge 
> Release' no longer has a Release file.
> 
> 
> On 2020-12-08 17:43, eri...@tr... wrote:
> > Just a heads up.
> > Looks like the full chain isn’t in https://download.webmin.com/
> 
> 
> 
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list

Re: [webmin-l] Just a quick heads up...

[Andrey R. <anr...@ya...>]

Greetings, Jamie Cameron!

> Are you still seeing this? I just updated the cert on the site to use
> the latest Let's Encrypt CA cert.

Seems fine http://prntscr.com/vynlda

> On the other hand, I heard that some clients don't support the new 
> CA cert!

>>
>> It's causing errors on Ubuntu 18.04.LTS too now:
>> 
>> Err:14 https://download.webmin.com/download/repository sarge Release
>>    Certificate verification failed: The certificate is NOT trusted. The 
>> certificate issuer is unknown.  Could not handshake: Error in the 
>> certificate verification. [IP: 108.60.199.109 443]
>> Reading package lists... Done
>> E: The repository 'https://download.webmin.com/download/repository sarge 
>> Release' no longer has a Release file.
>> 
>> 
>> On 2020-12-08 17:43, eri...@tr... wrote:
>> > Just a heads up.
>> > Looks like the full chain isn’t in https://download.webmin.com/


-- 
With best regards,
Andrey Repin
Wednesday, December 9, 2020 4:28:23

Sorry for my terrible english...

Re: [webmin-l] Just a quick heads up...

[Joaquim H. <jo...@we...>]

So far it looks good.


On 2020-12-08 23:49, Jamie Cameron wrote:
> Are you still seeing this? I just updated the cert on the site to use
> the latest Let's Encrypt CA cert.
>
> On the other hand, I heard that some clients don't support the new
> CA cert!
>

Re: [webmin-l] Just a quick heads up...

[<eri...@tr...>]

Jamie,

> Re: [webmin-l] Just a quick heads up...
> 
> Are you still seeing this? I just updated the cert on the site to use the latest Let's Encrypt CA cert.
> 
> On the other hand, I heard that some clients don't support the new CA cert!

I was still getting an error on 104.207.151.13.
I simply copied the intermediates to /usr/local/share/ca-certificates
You can download them here: https://letsencrypt.org/certificates/

If anyone else wants to know.
Once you download it, rename the .pem to .crt and run:
sudo /usr/sbin/update-ca-certificates

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300