<div dir="ltr">Actually I just now realized that the things are automated on the server. Certbot+nginx renews SSL certificates every 3 months. And currently keyserver uses the latest SSL certificate with automatically set up CA Root certificates. Even if I remove root certificate from the server it will be added again on renewal. Well again, I have latest gpg4win with latest gnupg and cannot connect to ANY keyserver that uses lets encrypt. BUT I can without any issues connect to my keyserver via GPG Suite for Mac OS, simple command line gpg client on my Ubuntu and CentOS servers. <br>May be the issue is indeed bug in dirmngr ? From command line on windows cmd when I try to connect to keyserver the issue is the same. <br><br>Pretty weird that I can connect to one keyserver from everywhere except the windows tool... <br>Sorry to bother you... It is just that I am trying to understand the way it may work from the box OR by adding some parameter to <span style="white-space:pre-wrap">GnuPG System menu in Kleopatra configuration... I understand that previously there was some issue with lets encrypt certificates and it was fixed in </span>
gnupg 2.2.32 but I was using 2.3.4 version and now tried installing
2.2.32 instead and still no luck. The error is the same<br><br>2021-12-30 18:13:16 gpg[17256] DBG: chan_0x00000274 <- ERR 167772261 Certificate expired <Dirmngr><br>2021-12-30 18:13:16 gpg[17256] error searching keyserver: Certificate expired<br>2021-12-30 18:13:16 gpg[17256] keyserver search failed: Certificate expired<br><br>Oleksandr</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 30 груд. 2021 р. о 16:44 Alex Nadtoka <<a href="mailto:alex.nadtoka@gmail.com">alex.nadtoka@gmail.com</a>> пише:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Cool thanks. going to test it today<br>Yesterday tested also with GPG Suite on MacOS - works fine, so only windows issue I think. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 30 груд. 2021 р. о 16:31 Werner Koch via Gnupg-users <<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>> пише:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, 29 Dec 2021 21:33, Andrew Gallagher said:<br>
<br>
> OK, so you definitely need to solve the root certificate issue. <br>
<br>
This has been fixed with gnupg 2.2.32 - please get an update. The<br>
workaround is to delete the old LE certificate from your Root CA store.<br>
<br>
<br>
Salam-Shalom,<br>
<br>
Werner<br>
<br>
-- <br>
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div>
</blockquote></div>