[GLLUG] irssi and ssl

John Edwards john at cornerstonelinux.co.uk
Mon Nov 15 20:48:23 UTC 2021


On Mon, Nov 15, 2021 at 07:57:36PM +0000, Henrik Morsing via GLLUG wrote:
> Server: irc.aachat.net
> Port: 6697
> SSL: Yes, enforced
> Channel: #a&a

Which is signed by Let's Encrypt CA certificates:

Certificate chain
 0 s:CN = irc.aachat.net
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

Verification reports OK on my machine (Ubuntu 20.04).

The "ISRG Root X1" CA certificate should be in Debian 8 and above:

On Ubuntu (and probably also Debian) this CA certificate is
/etc/ssl/certs/ISRG_Root_X1.pem which is a symlink to

So you may want to check that those files still exist and have not
been altered (assuming location is same/similar on Debian).

For info the SHA1 sums on my machine are:

$ sha1sum /etc/ssl/certs/ISRG_Root_X1.pem /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
4de9627fe9ace4acce27eaa1a0837cd3db55704b  /etc/ssl/certs/ISRG_Root_X1.pem
4de9627fe9ace4acce27eaa1a0837cd3db55704b  /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt

Which match the PEM file on Let's Encrypt site:

|    John Edwards   Email: john at cornerstonelinux.co.uk    |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20211115/dbbc4384/attachment.sig>

More information about the GLLUG mailing list