speedo Error 2, download swdb.lst failed

Peter Lebbing peter at digitalbrains.com
Wed Jun 21 19:11:43 CEST 2017 

On 21/06/17 17:14, murphy wrote:
> download of swdb.lst failed.

I think this is because of an expired certificate for versions.gnupg.org:

$ wget -S https://versions.gnupg.org/swdb.lst
--2017-06-21 19:11:03--  https://versions.gnupg.org/swdb.lst
Resolving versions.gnupg.org (versions.gnupg.org)...
2001:aa8:fff1:2100::56, 217.69.76.56
Connecting to versions.gnupg.org
(versions.gnupg.org)|2001:aa8:fff1:2100::56|:443... failed: Connection
refused.
Connecting to versions.gnupg.org
(versions.gnupg.org)|217.69.76.56|:443... connected.
ERROR: The certificate of ‘versions.gnupg.org’ is not trusted.
ERROR: The certificate of ‘versions.gnupg.org’ has expired.
The certificate has expired

$ gnutls-cli -p https versions.gnupg.org
Processed 175 CA certificate(s).
Resolving 'versions.gnupg.org'...
Connecting to '2001:aa8:fff1:2100::56:443'...
Cannot connect to 2001:aa8:fff1:2100::56:443: Connection refused
Connecting to '217.69.76.56:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=versions.gnupg.org', issuer `C=US,O=Let's
Encrypt,CN=Let's Encrypt Authority X3', RSA key 2048 bits, signed using
RSA-SHA256, activated `2017-03-22 09:00:00 UTC', expires `2017-06-20
09:00:00 UTC', SHA-1 fingerprint `57a54fb00d2eabc40afe221720b73fd3038e3929'
        Public Key ID:
                ee4ff057a2b9a377fd7c4499e48f535633ccf304
        Public key's random art:
                +--[ RSA 2048]----+
                |              E. |
                |               Bo|
                |              o.O|
                |               +=|
                |        S   . .=.|
                |       . o o oo o|
                |        . = .. o |
                |       . .oo. ...|
                |        o+oo   .+|
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3', issuer
`O=Digital Signature Trust Co.,CN=DST Root CA X3', RSA key 2048 bits,
signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires
`2021-03-17 16:40:46 UTC', SHA-1 fingerprint
`e6a3b45b062d509b3382282d196efe97d5956ccb'
- Status: The certificate is NOT trusted. The certificate chain uses
expired certificate.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.


My guess is that certbot, the tool usually responsible for downloading
new Let's Encrypt! certificates, hasn't been able to get a new
certificate for a month, and a system administrator needs to look into
getting it to succesfully obtain a new one.

The webserver also seems to reject IPv6 connections, BTW. I can
succesfully open IPv6 https connections with gnutls-cli to other sites.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170621/e9712b2f/attachment.sig>

More information about the Gnupg-users mailing list