Jump to content
XPEnology Community

certificate problems of the blue


Recommended Posts

My Xpenology was working smootly (DSM 6.2.3-25426 Update 3) with Jun's loader 1.03b on my HP Microserver Gen8

 

Out of the sudden, Pi-Hole in the docker started to have problems and also my entire LAN, as it was the DNS.

I've managed to fix the network by using Google DNS on the router, but now I have a problem:

 

I cannot acces any https sites from the interface (see Packages) or from SSH.

 

I've copy the newest certificates from https://curl.se/ca/cacert.pem to /etc/ssl/certs/ca-certificates.crt and rebooted, but no luck!

 

I can access my NAS from outside via https, but I cannot access any site via https from my NAS and I have no idea why I have this problem out of the blue.

 

wget https://pkgupdate.synology.com/packagecenter/v2/getList
--2022-06-04 22:12:45--  https://pkgupdate.synology.com/packagecenter/v2/getList
Resolving pkgupdate.synology.com... 54.192.235.51, 54.192.235.128, 54.192.235.17, ...
Connecting to pkgupdate.synology.com|54.192.235.51|:443... connected.
Unable to establish SSL connection.

 

curl https://curl.se/ca/cacert.pem
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to curl.se:443 

 

Link to comment
Share on other sites

I've checked the existing certificates and lot are expired, but I do not know if this is the cause

 

 ./ssl_check.sh 
/etc/ssl/certs/ACCVRAIZ1.pem: OK
/etc/ssl/certs/ACEDICOM_Root.pem: OK
/etc/ssl/certs/AC_Raíz_Certicámara_S.A..pem: OK
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem: OK
/etc/ssl/certs/AddTrust_External_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/AddTrust_Low-Value_Services_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/AddTrust_Public_Services_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Public CA Root
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/AddTrust_Qualified_Certificates_Root.pem: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/AffirmTrust_Commercial.pem: OK
/etc/ssl/certs/AffirmTrust_Networking.pem: OK
/etc/ssl/certs/AffirmTrust_Premium.pem: OK
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem: OK
/etc/ssl/certs/ApplicationCA_-_Japanese_Government.pem: C = JP, O = Japanese Government, OU = ApplicationCA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Atos_TrustedRoot_2011.pem: OK
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: OK
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem: OK
/etc/ssl/certs/Buypass_Class_2_CA_1.pem: C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 CA 1
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem: OK
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem: OK
/etc/ssl/certs/CA_Disig.pem: C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/CA_Disig_Root_R1.pem: OK
/etc/ssl/certs/CA_Disig_Root_R2.pem: OK
/etc/ssl/certs/CA_WoSign_ECC_Root.pem: OK
/etc/ssl/certs/CFCA_EV_ROOT.pem: OK
/etc/ssl/certs/CNNIC_ROOT.pem: OK
/etc/ssl/certs/COMODO_Certification_Authority.pem: OK
/etc/ssl/certs/COMODO_ECC_Certification_Authority.pem: OK
/etc/ssl/certs/COMODO_RSA_Certification_Authority.pem: OK
/etc/ssl/certs/Camerfirma_Chambers_of_Commerce_Root.pem: OK
/etc/ssl/certs/Camerfirma_Global_Chambersign_Root.pem: OK
/etc/ssl/certs/Certification_Authority_of_WoSign_G2.pem: OK
/etc/ssl/certs/Certigna.pem: OK
/etc/ssl/certs/Certinomis_-_Autorité_Racine.pem: OK
/etc/ssl/certs/Certinomis_-_Root_CA.pem: OK
/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem: C = FR, O = Certplus, CN = Class 2 Primary CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Certum_Root_CA.pem: OK
/etc/ssl/certs/Certum_Trusted_Network_CA.pem: OK
/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem: OK
/etc/ssl/certs/China_Internet_Network_Information_Center_EV_Certificates_Root.pem: OK
/etc/ssl/certs/ComSign_CA.pem: OK
/etc/ssl/certs/Comodo_AAA_Services_root.pem: OK
/etc/ssl/certs/Comodo_Secure_Services_root.pem: OK
/etc/ssl/certs/Comodo_Trusted_Services_root.pem: OK
/etc/ssl/certs/Cybertrust_Global_Root.pem: O = "Cybertrust, Inc", CN = Cybertrust Global Root
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: OK
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: OK
/etc/ssl/certs/DST_ACES_CA_X6.pem: C = US, O = Digital Signature Trust, OU = DST ACES, CN = DST ACES CA X6
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/DST_Root_CA_X3.pem: O = Digital Signature Trust Co., CN = DST Root CA X3
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem: C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem: OK
/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem: OK
/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem: OK
/etc/ssl/certs/DigiCert_Global_Root_CA.pem: OK
/etc/ssl/certs/DigiCert_Global_Root_G2.pem: OK
/etc/ssl/certs/DigiCert_Global_Root_G3.pem: OK
/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem: OK
/etc/ssl/certs/DigiCert_Trusted_Root_G4.pem: OK
/etc/ssl/certs/E-Tugra_Certification_Authority.pem: OK
/etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem: CN = EBG Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, O = EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., C = TR
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/EC-ACC.pem: OK
/etc/ssl/certs/EE_Certification_Centre_Root_CA.pem: OK
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: OK
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem: OK
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem: OK
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem: OK
/etc/ssl/certs/Equifax_Secure_CA.pem: C = US, O = Equifax, OU = Equifax Secure Certificate Authority
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem: C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Equifax_Secure_eBusiness_CA_1.pem: C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/GeoTrust_Global_CA.pem: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/GeoTrust_Global_CA_2.pem: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 2
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem: OK
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem: OK
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem: OK
/etc/ssl/certs/GeoTrust_Universal_CA.pem: OK
/etc/ssl/certs/GeoTrust_Universal_CA_2.pem: OK
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem: OK
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem: OK
/etc/ssl/certs/GlobalSign_Root_CA.pem: OK
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem: OK
/etc/ssl/certs/Global_Chambersign_Root_-_2008.pem: OK
/etc/ssl/certs/Go_Daddy_Class_2_CA.pem: OK
/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: OK
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem: OK
/etc/ssl/certs/Hongkong_Post_Root_CA_1.pem: OK
/etc/ssl/certs/IGC_A.pem: C = FR, ST = France, L = Paris, O = PM/SGDN, OU = DCSSI, CN = IGC/A, emailAddress = igca@sgdn.pm.gouv.fr
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem: OK
/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem: OK
/etc/ssl/certs/Izenpe.com.pem: OK
/etc/ssl/certs/Juur-SK.pem: emailAddress = pki@sk.ee, C = EE, O = AS Sertifitseerimiskeskus, CN = Juur-SK
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Microsec_e-Szigno_Root_CA.pem: C = HU, L = Budapest, O = Microsec Ltd., OU = e-Szigno CA, CN = Microsec e-Szigno Root CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem: OK
/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem: OK
/etc/ssl/certs/NetLock_Business_=Class_B=_Root.pem: C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Uzleti (Class B) Tanusitvanykiado
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/NetLock_Express_=Class_C=_Root.pem: C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Expressz (Class C) Tanusitvanykiado
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/NetLock_Notary_=Class_A=_Root.pem: C = HU, ST = Hungary, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Kozjegyzoi (Class A) Tanusitvanykiado
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/NetLock_Qualified_=Class_QA=_Root.pem: OK
/etc/ssl/certs/Network_Solutions_Certificate_Authority.pem: OK
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: OK
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: OK
/etc/ssl/certs/PSCProcert.pem: emailAddress = contacto@procert.net.ve, L = Chacao, ST = Miranda, OU = Proveedor de Certificados PROCERT, O = Sistema Nacional de Certificacion Electronica, C = VE, CN = PSCProcert
error 20 at 0 depth lookup:unable to get local issuer certificate
/etc/ssl/certs/QuoVadis_Root_CA.pem: C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem: OK
/etc/ssl/certs/QuoVadis_Root_CA_2.pem: OK
/etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem: OK
/etc/ssl/certs/QuoVadis_Root_CA_3.pem: OK
/etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem: OK
/etc/ssl/certs/RSA_Security_2048_v3.pem: OK
/etc/ssl/certs/Root_CA_Generalitat_Valenciana.pem: C = ES, O = Generalitat Valenciana, OU = PKIGVA, CN = Root CA Generalitat Valenciana
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem: OK
/etc/ssl/certs/S-TRUST_Universal_Root_CA.pem: OK
/etc/ssl/certs/SecureSign_RootCA11.pem: OK
/etc/ssl/certs/SecureTrust_CA.pem: OK
/etc/ssl/certs/Secure_Global_CA.pem: OK
/etc/ssl/certs/Security_Communication_EV_RootCA1.pem: OK
/etc/ssl/certs/Security_Communication_RootCA2.pem: OK
/etc/ssl/certs/Security_Communication_Root_CA.pem: OK
/etc/ssl/certs/Sonera_Class_1_Root_CA.pem: C = FI, O = Sonera, CN = Sonera Class1 CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Sonera_Class_2_Root_CA.pem: C = FI, O = Sonera, CN = Sonera Class2 CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem: OK
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA.pem: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: OK
/etc/ssl/certs/Starfield_Class_2_CA.pem: OK
/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem: OK
/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: OK
/etc/ssl/certs/StartCom_Certification_Authority.pem: OK
/etc/ssl/certs/StartCom_Certification_Authority_2.pem: C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
error 18 at 0 depth lookup:self signed certificate
OK
/etc/ssl/certs/StartCom_Certification_Authority_G2.pem: OK
/etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem: OK
/etc/ssl/certs/SwissSign_Platinum_CA_-_G2.pem: OK
/etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem: OK
/etc/ssl/certs/Swisscom_Root_CA_1.pem: OK
/etc/ssl/certs/Swisscom_Root_CA_2.pem: OK
/etc/ssl/certs/Swisscom_Root_EV_CA_2.pem: OK
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem: OK
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem: OK
/etc/ssl/certs/TC_TrustCenter_Class_3_CA_II.pem: OK
/etc/ssl/certs/TURKTRUST_Certificate_Services_Provider_Root_2007.pem: CN = T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, C = TR, L = Ankara, O = T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Aral\C4\B1k 2007
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/TWCA_Global_Root_CA.pem: OK
/etc/ssl/certs/TWCA_Root_Certification_Authority.pem: OK
/etc/ssl/certs/Taiwan_GRCA.pem: OK
/etc/ssl/certs/TeliaSonera_Root_CA_v1.pem: OK
/etc/ssl/certs/Trustis_FPS_Root_CA.pem: OK
/etc/ssl/certs/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem: C = TR, L = Gebze - Kocaeli, O = T\C3\BCrkiye Bilimsel ve Teknolojik Ara\C5\9Ft\C4\B1rma Kurumu - T\C3\9CB\C4\B0TAK, OU = Ulusal Elektronik ve Kriptoloji Ara\C5\9Ft\C4\B1rma Enstit\C3\BCs\C3\BC - UEKAE, OU = Kamu Sertifikasyon Merkezi, CN = T\C3\9CB\C4\B0TAK UEKAE K\C3\B6k Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 - S\C3\BCr\C3\BCm 3
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.pem: OK
/etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.pem: OK
/etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem: OK
/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem: OK
/etc/ssl/certs/UTN_USERFirst_Email_Root_CA.pem: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
error 10 at 0 depth lookup:certificate has expired
OK
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem: OK
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem: OK
/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem: OK
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority.pem: OK
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem: OK
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: OK
/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem: OK
/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: OK
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.pem: OK
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem: OK
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem: OK
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_2.pem: C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
error 18 at 0 depth lookup:self signed certificate
OK
/etc/ssl/certs/Visa_eCommerce_Root.pem: OK
/etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.pem: OK
/etc/ssl/certs/WoSign.pem: OK
/etc/ssl/certs/WoSign_China.pem: OK
/etc/ssl/certs/XRamp_Global_CA_Root.pem: OK
/etc/ssl/certs/certSIGN_ROOT_CA.pem: OK
/etc/ssl/certs/ePKI_Root_Certification_Authority.pem: OK
/etc/ssl/certs/thawte_Primary_Root_CA.pem: OK
/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem: OK
/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem: OK

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...