当我尝试使用 Ubuntu 中的 OpenConnect 客户端连接到我的 OCServ 时,它会引发一个错误:
Connected to x.x.x.x:yyy
SSL negotiation with server.domain.tld
Server certificate verify failed: certificate expired
Certificate from VPN server "server.domain.tld" failed verification.
Reason: certificate expired
To trust this server in future, perhaps add this to your command line:
--servercert pin-sha256:02oy27uQkY5fMYDda0sSLIj1SbioAHRRbqUneUeI6OA=
Enter 'yes' to accept, 'no' to abort; anything else to view:
当我按下键查看证书时,有效期是正常的,并且没有过期!
X.509 Certificate Information:
Version: 3
Serial Number (hex): xyzxyzxyz..
Issuer: CN=R3,O=Let's Encrypt,C=US
Validity:
Not Before: Wed Sep 08 21:10:50 UTC 2021
Not After: Tue Dec 07 21:10:49 UTC 2021
Subject: CN=server.domain.tld
Subject Public Key Algorithm: EC/ECDSA
Algorithm Security Level: Ultra (384 bits)
Curve: SECP384R1
我的系统日期是正确的,2021 年 10 月 3 日,星期日。在过去的一年里,它一直运行正常,但在最近的 letencrypt 证书自动续订之后,我注意到它不能正常工作。
答案1
尝试更新“ca-certificates”包。我遇到了同样的问题,我用这种方法解决了。