[GLLUG] irssi and ssl

John Winters john at sinodun.org.uk
Mon Nov 15 15:04:29 UTC 2021

On 15/11/2021 15:00, Henrik Morsing wrote:
> On Mon, Nov 15, 2021 at 02:50:11PM +0000, John Winters via GLLUG wrote:
>> You do it with "dpkg-reconfigure ca-certificates" and make sure the 
>> one being used by your ISP is trusted.
> Thanks, got this:
> root at emil:~# dpkg-reconfigure ca-certificates
> Updating certificates in /etc/ssl/certs...
> 0 added, 0 removed; done.
> Processing triggers for ca-certificates (20210119) ...
> Updating certificates in /etc/ssl/certs...
> 0 added, 0 removed; done.
> Running hooks in /etc/ca-certificates/update.d...
> done.
> I chose "yes" and trusted all listed, which were exclusively Mozilla 
> certificates. Maybe a silly question, but how would it know what my ISP 
> certificate is? Do I need to retrieve and place it somewhere?

I'm no expert but AIUI you need to trust the *root* certificate being 
used by your ISP - not your ISP's certificate.  Which that is would 
depend on who issued their certificate.

My problem was caused by LetsEncrypt's old root certificate having 
expired and their new one not being trusted on my system.

John Edwards's suggestion of querying the certificate might give you the 
necessary info.


Xronos Scheduler - https://xronos.uk/  |  i = (free(NULL), i++);
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/

More information about the GLLUG mailing list