|
本帖最后由 king1027 于 2022-11-22 17:38 编辑
安装了不可描述插件后,发现还是无法上网,日志显示
WARN[0413] [TCP] dial ⚓️其他流量 (match Match/) 192.168.1.10:9220 --> assets.msn.com:443 error: 123123.ga:443 connect error: x509: certificate has expired or is not yet valid: current time 2022-11-21T17:20:27Z is after 2021-09-30T14:01:15Z
网上搜索了一番,发现是Let’s Encrypt根证书过期问题。
请问坛友们如何更新Let’s Encrypt根证书?我在R6300V2登录SSH找不到对应的证书,update-ca-certificates命令也无效。
直接SSH运行curl测试,网站用其他证书正常,用let's encrypt证书不正常
admin@R6300V2-A9C5:/tmp/home/root# curl https://qq.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>stgw</center>
</body>
</html>
admin@R6300V2-A9C5:/tmp/home/root# curl https://163.com
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
admin@R6300V2-A9C5:/tmp/home/root# curl https://123123.ga
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
|
|