Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.devel.testing > #1113

Bug#927435: upgrade-reports: Buster upgrade: had to re-create unbound certs/keys

Cross-posted to 2 groups.

Show all headers | View raw

Package: upgrade-reports
Severity: normal

After upgrading to buster, unbound-control would fail to run with this error..

error: Error setting up SSL_CTX client cert
139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:

To fix this I had to regenerate the certs and keys by removing the old ones and
running unbound-control-setup, then restarting unbound. This fixed the issue.

$ cd /etc/unbound/
$ sudo rm *.key *.pem
$ sudo unbound-control-setup
$ sudo systemctl restart unbound

Note that with unbound-control broken, that broke `systemctl reload unbound` as
it depends on unbound-control.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 

John Eikenberry
[ jae@zhar.net - http://zhar.net ]
________________________________________________________________________
"Perfection is attained, not when no more can be added, but when no more
 can be removed." -- Antoine de Saint-Exupery

Back to linux.debian.devel.testing | Previous | Next | Find similar

Thread

Bug#927435: upgrade-reports: Buster upgrade: had to re-create unbound certs/keys John Eikenberry <jae@zhar.net> - 2019-04-19 20:10 +0200

csiph-web