<div dir="ltr">Ok for me the fix was by importing this intermediate certificate to intermediates in user profile and local computer<br><br><a href="https://letsencrypt.org/certs/lets-encrypt-r3.pem">https://letsencrypt.org/certs/lets-encrypt-r3.pem</a><br><br>I guess old r3 should be removed and new one added<br><br>Regards,<br>Oleksandr</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 5 січ. 2022 р. о 10:16 Alex Nadtoka <<a href="mailto:alex.nadtoka@gmail.com">alex.nadtoka@gmail.com</a>> пише:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I found one such certificate and removed it but the issue is still there. Is there a way to enable more detailed debug mode so I can see the path for the certificate that dirmngr is using? <br><br>Regards,<br>Oleksandr</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 5 січ. 2022 р. о 02:44 Anze Jensterle <<a href="mailto:anze@anze.dev" target="_blank">anze@anze.dev</a>> пише:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">OK, I seem to have solved the issue.<div><a class="gmail_plusreply" id="gmail-m_-2160202977355646609gmail-m_-7123543781887757439plusReplyChip-0" href="mailto:alex.nadtoka@gmail.com" target="_blank">@Alex Nadtoka</a> Deleting the DST Root is not needed. Make sure to delete the certificate name "Let's Encrypt X1" or similar and "R3" from the user and system store. They are not stored under "Trusted Roots" but under "Intermediate CAs". After I deleted all the old cached intermediates I am able to use a keyserver again.<br></div><div><br></div><div>Best,</div><div>Anze</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 5, 2022 at 1:26 AM Anze Jensterle <<a href="mailto:anze@anze.dev" target="_blank">anze@anze.dev</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I am having the same issue on GnuPG version 2.3.4.<div>If I have the DST root in my Trust Root Store I get Certificate expired, if I don't have it in there I get "No inquire callback in IPC" and Dirmngr logs "error connecting to '<a href="https://keys.openpgp.org:443" target="_blank">https://keys.openpgp.org:443</a>': Missing issuer certificate".</div><div>Any idea why this would still happen?</div><div><br></div><div>Best,</div><div>Anze</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 4, 2022 at 3:46 PM Alex Nadtoka via Gnupg-users <<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">I do have isntalled ISRG Root X1 and X2<br>But I noticed that <span style="color:rgb(79,79,79);font-family:Arial,Tahoma,Verdana;font-size:15px">DST Root CA X3 appeared again in the system... weird. deleted it with admin privileges from entire PC</span></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">вт, 4 січ. 2022 р. о 15:14 Andrew Gallagher via Gnupg-users <<a href="mailto:gnupg-users@gnupg.org" target="_blank">gnupg-users@gnupg.org</a>> пише:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><br><div dir="ltr"><blockquote type="cite">On 4 Jan 2022, at 12:15, Alex Nadtoka <<a href="mailto:alex.nadtoka@gmail.com" target="_blank">alex.nadtoka@gmail.com</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">yes thanks, tried disabling it but error was still there. So I deleted
<span style="color:rgb(79,79,79);font-family:Arial,Tahoma,Verdana;font-size:15px">DST Root CA X3 . At the mooment I see error from dirmngr 2.3.4: no CA certificate found </span><br>And <br><span style="color:rgb(36,41,47);font-family:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Consolas,"Liberation Mono",monospace;font-size:12px;white-space:pre-wrap"> </span>error searching keyserver: <span style="box-sizing:border-box;font-family:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Consolas,"Liberation Mono",monospace;font-size:12px;white-space:pre-wrap">"No inquire callback in IPC"
</span><br>Not sure if it is still because of root certificate. Will try to google now</div></blockquote><br><div>You probably don’t have the new root certificate installed then. You should be able to download it from <a href="http://letsencrypt.org" target="_blank">letsencrypt.org</a></div><div><br></div><div>A</div></div>_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>