Gpg4win LetsEncrypt issue

Alex Nadtoka alex.nadtoka at gmail.com
Wed Jan 5 09:42:46 CET 2022 

Ok for me the fix was by importing this intermediate certificate to
intermediates in user profile and local computer

https://letsencrypt.org/certs/lets-encrypt-r3.pem

I guess old r3 should be removed and new one added

Regards,
Oleksandr

ср, 5 січ. 2022 р. о 10:16 Alex Nadtoka <alex.nadtoka at gmail.com> пише:

> I found one such certificate and removed it but the issue is still there.
> Is there a way to enable more detailed debug mode so I can see the path for
> the certificate that dirmngr is using?
>
> Regards,
> Oleksandr
>
> ср, 5 січ. 2022 р. о 02:44 Anze Jensterle <anze at anze.dev> пише:
>
>> OK, I seem to have solved the issue.
>> @Alex Nadtoka <alex.nadtoka at gmail.com> Deleting the DST Root is not
>> needed. Make sure to delete the certificate name "Let's Encrypt X1" or
>> similar and "R3" from the user and system store. They are not stored under
>> "Trusted Roots" but under "Intermediate CAs". After I deleted all the old
>> cached intermediates I am able to use a keyserver again.
>>
>> Best,
>> Anze
>>
>> On Wed, Jan 5, 2022 at 1:26 AM Anze Jensterle <anze at anze.dev> wrote:
>>
>>> I am having the same issue on GnuPG version 2.3.4.
>>> If I have the DST root in my Trust Root Store I get Certificate expired,
>>> if I don't have it in there I get "No inquire callback in IPC" and Dirmngr
>>> logs "error connecting to 'https://keys.openpgp.org:443': Missing
>>> issuer certificate".
>>> Any idea why this would still happen?
>>>
>>> Best,
>>> Anze
>>>
>>> On Tue, Jan 4, 2022 at 3:46 PM Alex Nadtoka via Gnupg-users <
>>> gnupg-users at gnupg.org> wrote:
>>>
>>>> I do have isntalled ISRG Root X1 and  X2
>>>> But I noticed that DST Root CA X3 appeared again in the system...
>>>> weird. deleted it with admin privileges from entire PC
>>>>
>>>> вт, 4 січ. 2022 р. о 15:14 Andrew Gallagher via Gnupg-users <
>>>> gnupg-users at gnupg.org> пише:
>>>>
>>>>>
>>>>> On 4 Jan 2022, at 12:15, Alex Nadtoka <alex.nadtoka at gmail.com> wrote:
>>>>>
>>>>> yes thanks, tried disabling it but error was still there. So I
>>>>> deleted  DST Root CA X3 . At the mooment I see error from dirmngr
>>>>> 2.3.4: no CA certificate found
>>>>> And
>>>>> error searching keyserver: "No inquire callback in IPC"
>>>>> Not sure if it is still because of root certificate. Will try to
>>>>> google now
>>>>>
>>>>>
>>>>> You probably don’t have the new root certificate installed then. You
>>>>> should be able to download it from letsencrypt.org
>>>>>
>>>>> A
>>>>> _______________________________________________
>>>>> Gnupg-users mailing list
>>>>> Gnupg-users at gnupg.org
>>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>>>
>>>> _______________________________________________
>>>> Gnupg-users mailing list
>>>> Gnupg-users at gnupg.org
>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220105/819d5958/attachment-0001.html>

More information about the Gnupg-users mailing list