New letsencrypt CA failing for download.znuny.org access from OTRS

Moderator: crythias

Post Reply
markdiss
Znuny newbie
Posts: 14
Joined: 05 Oct 2021, 17:15
Znuny Version: 6.4.2
Real Name: Mark Dissington

New letsencrypt CA failing for download.znuny.org access from OTRS

Post by markdiss »

Running Znuny 6.0.37 on fully patches CentOS7, we think the letsencrypt root ca change that happened last week has broken access to the rss feed and repositories hosted at znuny.

-- RSS feed --
Can't connect to https://www.znuny.org/public/rss/en/rss.xml!
-- Log shows various 550 errors trying to get to download.znuny.org --
Tue Oct 5 16:41:50 2021 (Europe/London) error OTRS-CGI-10 Can't perform GET on https://download.znuny.org/releases/its ... 6/otrs.xml: 500 Can't connect to download.znuny.org:443
Tue Oct 5 16:41:50 2021 (Europe/London) error OTRS-CGI-10 Can't perform GET on https://download.znuny.org/releases/mis ... sitory.xml: 500 Can't connect to download.znuny.org:443
Tue Oct 5 16:41:46 2021 (Europe/London) error OTRS-CGI-10 Can't perform GET on https://download.znuny.org/releases/mis ... sitory.xml: 500 Can't connect to download.znuny.org:443

We can runn wget on the server cmd line and it's fine
--
wget https://download.znuny.org/releases/its ... 6/otrs.xml
--2021-10-05 16:44:00-- https://download.znuny.org/releases/its ... 6/otrs.xml
Resolving download.znuny.org (download.znuny.org)... 157.90.24.245, 2a01:4f8:c2c:91f3::1
Connecting to download.znuny.org (download.znuny.org)|157.90.24.245|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 86032 (84K) [text/xml]
Saving to: ‘otrs.xml’

100%[===================================================================================================================================================>] 86,032 --.-K/s in 0.06s

2021-10-05 16:44:00 (1.38 MB/s) - ‘otrs.xml’ saved [86032/86032]
--

I've checked the /opt/otrs/Kernel/cpan-lib/Mozilla/CA/cacert.pem and it _looks_ like it has the up-to-date ISRG cert in there.

TIA,
Mark.
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: New letsencrypt CA failing for download.znuny.org access from OTRS

Post by root »

Hi,

Please update ca-certifcates for CentOS 7 and thne update the bundled certificates of Znuny with the Znuny/OTRS user:

bin/otrs.Console.pl Dev::Code::CPANUpdate --mode stable

Unfortunately the CPAN packages was updated 1st of October and not earlier.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
markdiss
Znuny newbie
Posts: 14
Joined: 05 Oct 2021, 17:15
Znuny Version: 6.4.2
Real Name: Mark Dissington

Re: New letsencrypt CA failing for download.znuny.org access from OTRS

Post by markdiss »

Superb, now all working.

CentOS was OK - just the CPANUpdate step I was missing. Once that was run package manager could connect fine.

Thanks for the quick response,
Mark.
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: New letsencrypt CA failing for download.znuny.org access from OTRS

Post by root »

JFI: Then next release of Znuny will have an updated Mozilla::CA package

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
Post Reply