Gpg4win LetsEncrypt issue

Alex Nadtoka alex.nadtoka at gmail.com
Wed Jan 5 09:16:52 CET 2022 

I found one such certificate and removed it but the issue is still there.
Is there a way to enable more detailed debug mode so I can see the path for
the certificate that dirmngr is using?

Regards,
Oleksandr

ср, 5 січ. 2022 р. о 02:44 Anze Jensterle <anze at anze.dev> пише:

> OK, I seem to have solved the issue.
> @Alex Nadtoka <alex.nadtoka at gmail.com> Deleting the DST Root is not
> needed. Make sure to delete the certificate name "Let's Encrypt X1" or
> similar and "R3" from the user and system store. They are not stored under
> "Trusted Roots" but under "Intermediate CAs". After I deleted all the old
> cached intermediates I am able to use a keyserver again.
>
> Best,
> Anze
>
> On Wed, Jan 5, 2022 at 1:26 AM Anze Jensterle <anze at anze.dev> wrote:
>
>> I am having the same issue on GnuPG version 2.3.4.
>> If I have the DST root in my Trust Root Store I get Certificate expired,
>> if I don't have it in there I get "No inquire callback in IPC" and Dirmngr
>> logs "error connecting to 'https://keys.openpgp.org:443': Missing issuer
>> certificate".
>> Any idea why this would still happen?
>>
>> Best,
>> Anze
>>
>> On Tue, Jan 4, 2022 at 3:46 PM Alex Nadtoka via Gnupg-users <
>> gnupg-users at gnupg.org> wrote:
>>
>>> I do have isntalled ISRG Root X1 and  X2
>>> But I noticed that DST Root CA X3 appeared again in the system...
>>> weird. deleted it with admin privileges from entire PC
>>>
>>> вт, 4 січ. 2022 р. о 15:14 Andrew Gallagher via Gnupg-users <
>>> gnupg-users at gnupg.org> пише:
>>>
>>>>
>>>> On 4 Jan 2022, at 12:15, Alex Nadtoka <alex.nadtoka at gmail.com> wrote:
>>>>
>>>> yes thanks, tried disabling it but error was still there. So I deleted  DST
>>>> Root CA X3 . At the mooment I see error from dirmngr 2.3.4: no CA
>>>> certificate found
>>>> And
>>>> error searching keyserver: "No inquire callback in IPC"
>>>> Not sure if it is still because of root certificate. Will try to google
>>>> now
>>>>
>>>>
>>>> You probably don’t have the new root certificate installed then. You
>>>> should be able to download it from letsencrypt.org
>>>>
>>>> A
>>>> _______________________________________________
>>>> Gnupg-users mailing list
>>>> Gnupg-users at gnupg.org
>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220105/4d767c0f/attachment.html>

More information about the Gnupg-users mailing list