Mentat Posted June 4, 2022 Share #1 Posted June 4, 2022 My Xpenology was working smootly (DSM 6.2.3-25426 Update 3) with Jun's loader 1.03b on my HP Microserver Gen8 Out of the sudden, Pi-Hole in the docker started to have problems and also my entire LAN, as it was the DNS. I've managed to fix the network by using Google DNS on the router, but now I have a problem: I cannot acces any https sites from the interface (see Packages) or from SSH. I've copy the newest certificates from https://curl.se/ca/cacert.pem to /etc/ssl/certs/ca-certificates.crt and rebooted, but no luck! I can access my NAS from outside via https, but I cannot access any site via https from my NAS and I have no idea why I have this problem out of the blue. wget https://pkgupdate.synology.com/packagecenter/v2/getList --2022-06-04 22:12:45-- https://pkgupdate.synology.com/packagecenter/v2/getList Resolving pkgupdate.synology.com... 54.192.235.51, 54.192.235.128, 54.192.235.17, ... Connecting to pkgupdate.synology.com|54.192.235.51|:443... connected. Unable to establish SSL connection. curl https://curl.se/ca/cacert.pem curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to curl.se:443 Quote Link to comment Share on other sites More sharing options...
Mentat Posted June 4, 2022 Author Share #2 Posted June 4, 2022 I've checked the existing certificates and lot are expired, but I do not know if this is the cause ./ssl_check.sh /etc/ssl/certs/ACCVRAIZ1.pem: OK /etc/ssl/certs/ACEDICOM_Root.pem: OK /etc/ssl/certs/AC_Raíz_Certicámara_S.A..pem: OK /etc/ssl/certs/Actalis_Authentication_Root_CA.pem: OK /etc/ssl/certs/AddTrust_External_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/AddTrust_Low-Value_Services_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/AddTrust_Public_Services_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Public CA Root error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/AddTrust_Qualified_Certificates_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/AffirmTrust_Commercial.pem: OK /etc/ssl/certs/AffirmTrust_Networking.pem: OK /etc/ssl/certs/AffirmTrust_Premium.pem: OK /etc/ssl/certs/AffirmTrust_Premium_ECC.pem: OK /etc/ssl/certs/ApplicationCA_-_Japanese_Government.pem: C = JP, O = Japanese Government, OU = ApplicationCA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Atos_TrustedRoot_2011.pem: OK /etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: OK /etc/ssl/certs/Baltimore_CyberTrust_Root.pem: OK /etc/ssl/certs/Buypass_Class_2_CA_1.pem: C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 CA 1 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Buypass_Class_2_Root_CA.pem: OK /etc/ssl/certs/Buypass_Class_3_Root_CA.pem: OK /etc/ssl/certs/CA_Disig.pem: C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/CA_Disig_Root_R1.pem: OK /etc/ssl/certs/CA_Disig_Root_R2.pem: OK /etc/ssl/certs/CA_WoSign_ECC_Root.pem: OK /etc/ssl/certs/CFCA_EV_ROOT.pem: OK /etc/ssl/certs/CNNIC_ROOT.pem: OK /etc/ssl/certs/COMODO_Certification_Authority.pem: OK /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem: OK /etc/ssl/certs/COMODO_RSA_Certification_Authority.pem: OK /etc/ssl/certs/Camerfirma_Chambers_of_Commerce_Root.pem: OK /etc/ssl/certs/Camerfirma_Global_Chambersign_Root.pem: OK /etc/ssl/certs/Certification_Authority_of_WoSign_G2.pem: OK /etc/ssl/certs/Certigna.pem: OK /etc/ssl/certs/Certinomis_-_Autorité_Racine.pem: OK /etc/ssl/certs/Certinomis_-_Root_CA.pem: OK /etc/ssl/certs/Certplus_Class_2_Primary_CA.pem: C = FR, O = Certplus, CN = Class 2 Primary CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Certum_Root_CA.pem: OK /etc/ssl/certs/Certum_Trusted_Network_CA.pem: OK /etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem: OK /etc/ssl/certs/China_Internet_Network_Information_Center_EV_Certificates_Root.pem: OK /etc/ssl/certs/ComSign_CA.pem: OK /etc/ssl/certs/Comodo_AAA_Services_root.pem: OK /etc/ssl/certs/Comodo_Secure_Services_root.pem: OK /etc/ssl/certs/Comodo_Trusted_Services_root.pem: OK /etc/ssl/certs/Cybertrust_Global_Root.pem: O = "Cybertrust, Inc", CN = Cybertrust Global Root error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: OK /etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: OK /etc/ssl/certs/DST_ACES_CA_X6.pem: C = US, O = Digital Signature Trust, OU = DST ACES, CN = DST ACES CA X6 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/DST_Root_CA_X3.pem: O = Digital Signature Trust Co., CN = DST Root CA X3 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem: C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem: OK /etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem: OK /etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem: OK /etc/ssl/certs/DigiCert_Global_Root_CA.pem: OK /etc/ssl/certs/DigiCert_Global_Root_G2.pem: OK /etc/ssl/certs/DigiCert_Global_Root_G3.pem: OK /etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem: OK /etc/ssl/certs/DigiCert_Trusted_Root_G4.pem: OK /etc/ssl/certs/E-Tugra_Certification_Authority.pem: OK /etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem: CN = EBG Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, O = EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., C = TR error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/EC-ACC.pem: OK /etc/ssl/certs/EE_Certification_Centre_Root_CA.pem: OK /etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: OK /etc/ssl/certs/Entrust_Root_Certification_Authority.pem: OK /etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem: OK /etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem: OK /etc/ssl/certs/Equifax_Secure_CA.pem: C = US, O = Equifax, OU = Equifax Secure Certificate Authority error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem: C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Equifax_Secure_eBusiness_CA_1.pem: C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/GeoTrust_Global_CA.pem: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/GeoTrust_Global_CA_2.pem: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 2 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem: OK /etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem: OK /etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem: OK /etc/ssl/certs/GeoTrust_Universal_CA.pem: OK /etc/ssl/certs/GeoTrust_Universal_CA_2.pem: OK /etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem: OK /etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem: OK /etc/ssl/certs/GlobalSign_Root_CA.pem: OK /etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem: OK /etc/ssl/certs/Global_Chambersign_Root_-_2008.pem: OK /etc/ssl/certs/Go_Daddy_Class_2_CA.pem: OK /etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: OK /etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem: OK /etc/ssl/certs/Hongkong_Post_Root_CA_1.pem: OK /etc/ssl/certs/IGC_A.pem: C = FR, ST = France, L = Paris, O = PM/SGDN, OU = DCSSI, CN = IGC/A, emailAddress = igca@sgdn.pm.gouv.fr error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem: OK /etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem: OK /etc/ssl/certs/Izenpe.com.pem: OK /etc/ssl/certs/Juur-SK.pem: emailAddress = pki@sk.ee, C = EE, O = AS Sertifitseerimiskeskus, CN = Juur-SK error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Microsec_e-Szigno_Root_CA.pem: C = HU, L = Budapest, O = Microsec Ltd., OU = e-Szigno CA, CN = Microsec e-Szigno Root CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem: OK /etc/ssl/certs/NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem: OK /etc/ssl/certs/NetLock_Business_=Class_B=_Root.pem: C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Uzleti (Class B) Tanusitvanykiado error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/NetLock_Express_=Class_C=_Root.pem: C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Expressz (Class C) Tanusitvanykiado error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/NetLock_Notary_=Class_A=_Root.pem: C = HU, ST = Hungary, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Kozjegyzoi (Class A) Tanusitvanykiado error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/NetLock_Qualified_=Class_QA=_Root.pem: OK /etc/ssl/certs/Network_Solutions_Certificate_Authority.pem: OK /etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: OK /etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: OK /etc/ssl/certs/PSCProcert.pem: emailAddress = contacto@procert.net.ve, L = Chacao, ST = Miranda, OU = Proveedor de Certificados PROCERT, O = Sistema Nacional de Certificacion Electronica, C = VE, CN = PSCProcert error 20 at 0 depth lookup:unable to get local issuer certificate /etc/ssl/certs/QuoVadis_Root_CA.pem: C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem: OK /etc/ssl/certs/QuoVadis_Root_CA_2.pem: OK /etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem: OK /etc/ssl/certs/QuoVadis_Root_CA_3.pem: OK /etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem: OK /etc/ssl/certs/RSA_Security_2048_v3.pem: OK /etc/ssl/certs/Root_CA_Generalitat_Valenciana.pem: C = ES, O = Generalitat Valenciana, OU = PKIGVA, CN = Root CA Generalitat Valenciana error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem: OK /etc/ssl/certs/S-TRUST_Universal_Root_CA.pem: OK /etc/ssl/certs/SecureSign_RootCA11.pem: OK /etc/ssl/certs/SecureTrust_CA.pem: OK /etc/ssl/certs/Secure_Global_CA.pem: OK /etc/ssl/certs/Security_Communication_EV_RootCA1.pem: OK /etc/ssl/certs/Security_Communication_RootCA2.pem: OK /etc/ssl/certs/Security_Communication_Root_CA.pem: OK /etc/ssl/certs/Sonera_Class_1_Root_CA.pem: C = FI, O = Sonera, CN = Sonera Class1 CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Sonera_Class_2_Root_CA.pem: C = FI, O = Sonera, CN = Sonera Class2 CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem: OK /etc/ssl/certs/Staat_der_Nederlanden_Root_CA.pem: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: OK /etc/ssl/certs/Starfield_Class_2_CA.pem: OK /etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem: OK /etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: OK /etc/ssl/certs/StartCom_Certification_Authority.pem: OK /etc/ssl/certs/StartCom_Certification_Authority_2.pem: C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority error 18 at 0 depth lookup:self signed certificate OK /etc/ssl/certs/StartCom_Certification_Authority_G2.pem: OK /etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem: OK /etc/ssl/certs/SwissSign_Platinum_CA_-_G2.pem: OK /etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem: OK /etc/ssl/certs/Swisscom_Root_CA_1.pem: OK /etc/ssl/certs/Swisscom_Root_CA_2.pem: OK /etc/ssl/certs/Swisscom_Root_EV_CA_2.pem: OK /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem: OK /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem: OK /etc/ssl/certs/TC_TrustCenter_Class_3_CA_II.pem: OK /etc/ssl/certs/TURKTRUST_Certificate_Services_Provider_Root_2007.pem: CN = T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, C = TR, L = Ankara, O = T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Aral\C4\B1k 2007 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/TWCA_Global_Root_CA.pem: OK /etc/ssl/certs/TWCA_Root_Certification_Authority.pem: OK /etc/ssl/certs/Taiwan_GRCA.pem: OK /etc/ssl/certs/TeliaSonera_Root_CA_v1.pem: OK /etc/ssl/certs/Trustis_FPS_Root_CA.pem: OK /etc/ssl/certs/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem: C = TR, L = Gebze - Kocaeli, O = T\C3\BCrkiye Bilimsel ve Teknolojik Ara\C5\9Ft\C4\B1rma Kurumu - T\C3\9CB\C4\B0TAK, OU = Ulusal Elektronik ve Kriptoloji Ara\C5\9Ft\C4\B1rma Enstit\C3\BCs\C3\BC - UEKAE, OU = Kamu Sertifikasyon Merkezi, CN = T\C3\9CB\C4\B0TAK UEKAE K\C3\B6k Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 - S\C3\BCr\C3\BCm 3 error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.pem: OK /etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.pem: OK /etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem: OK /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem: OK /etc/ssl/certs/UTN_USERFirst_Email_Root_CA.pem: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware error 10 at 0 depth lookup:certificate has expired OK /etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem: OK /etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem: OK /etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem: OK /etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority.pem: OK /etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem: OK /etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: OK /etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem: OK /etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: OK /etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.pem: OK /etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem: OK /etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem: OK /etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_2.pem: C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority error 18 at 0 depth lookup:self signed certificate OK /etc/ssl/certs/Visa_eCommerce_Root.pem: OK /etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.pem: OK /etc/ssl/certs/WoSign.pem: OK /etc/ssl/certs/WoSign_China.pem: OK /etc/ssl/certs/XRamp_Global_CA_Root.pem: OK /etc/ssl/certs/certSIGN_ROOT_CA.pem: OK /etc/ssl/certs/ePKI_Root_Certification_Authority.pem: OK /etc/ssl/certs/thawte_Primary_Root_CA.pem: OK /etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem: OK /etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem: OK Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.