Gergely

I am trying to do exactly what you have described in your last sentence: tricking Privoxy into using a key and certificate generated with Let's Encrypt, but I am not sure how to do that properly. You wrote „you need to put the files there using the right names (which you can get from the logs)”. Would you please elaborate, which files I have to put where and where I get the the correct names from?

This tricking is what I wanted to do. My config is ca-cert-file cacert.crt ca-key-file cakey.pem # ca-password - we do not have a password certificate-directory /usr/local/var/privoxy/certs ca-directory /usr/local/etc/privoxy/CA and I add the files, cakey.pem -----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY----- cacert.crt -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- to both /usr/local/var/privoxy/certs and /usr/local/etc/privoxy/CA. I expected this to work because following...

The goal is the same as described in #1750. Getting https redirects work, without any manual install of certificates on the client side. Instead of using a self-signed certificate generated for privoxy, and manually importing it into the browsers (as described in ticket #1750), I would like to use a trusted certificate for privoxy redirects in order to avoid manual imports. I assumed that using the Let's Encrypt generated certificate of a domain I own (let's say example.com), configuring local DNS...

https-inspection, Error: Issuer key doesn't match issuer certificate, follow-up to #1750

Yes, it did work in the end. There was an additional checkbox to check after the import. The ticket can be closed.

@fabiankeil imported the certificate into Firefox the import is successful firefox request facebook.com Secure connection failed and Firefox did not connect / HSTS https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect#w_hsts-required privoxy log for firefox request facebook.com privoxy | 2022-10-27 14:15:26.824 7fd413c60700 Connect: Accepted connection from 127.0.0.1 on socket 6 privoxy | 2022-10-27 14:15:26.825 7fd413c60700 Header: scan: CONNECT www.facebook.com:443...

1. add Privoxy's certificate to /home/nagy/yes/ssl/cacert.pem curl curl -x localhost:8118 -v --head https://www.facebook.com/ * Trying 127.0.0.1:8118... * Connected to localhost (127.0.0.1) port 8118 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to www.facebook.com:443 > CONNECT www.facebook.com:443 HTTP/1.1 > Host: www.facebook.com:443 > User-Agent: curl/7.71.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established < * Proxy replied...

@fabiankeil 1. add Privoxy's certificate to /home/nagy/yes/ssl/cacert.pem curl curl -x localhost:8118 -v --head https://www.facebook.com/ * Trying 127.0.0.1:8118... * Connected to localhost (127.0.0.1) port 8118 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to www.facebook.com:443 > CONNECT www.facebook.com:443 HTTP/1.1 > Host: www.facebook.com:443 > User-Agent: curl/7.71.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established <...