Unfortunately, I don't have any backup of the original cert.pem file. So
I wonder if I'm correct with this:
I will get a new cert.pem if I upgrade the os (current version is 6.3)
to 6.4, and then, before merging the new one, I could test similar to
what you told me.
====================
I am just now suddenly wondering:
- when I upgrade the os, I get a new cert.pem -- correct?
- Therefore I have to add again other certificates to the "new"
cert.pem. -- correct?
- And the old cert.pem is no longer needed so there's no need to "merge"
the old cert.pem or any other. -- correct?
=====================
So could the merging wrong one have caused the issue?
Thank you, TronDD.
On 29/10/2018 00:20, TronDD wrote:
>
>
> On October 28, 2018 12:09:02 AM EDT, "연락 연락" <rdansdml.itw@outlook.com> wrote:
>> Thank you indeed for your reply, trondd.
>> Yes, I added certificate(s) to cert.pem, probably more than one time so
>> far.
>> But the size looks not much bigger than normal one that I see from
>> another host.
>> size of the cert.pem modified(?): 357***
>> size of cert.pem I see from another host where I didn't add anything to
>>
>> the cert.pem: 349***
>>
>> Do you think 357*** is too big?
>> How did you solve the issue?
>> What can I do if something went wrong when I added certificates or when
>>
>> upgrading openbsd and adding the certificates again?
>>
>
> Put the original cert.pem back and see if it solves the issue first.
>
>
>> If the router/gateway before the host has been changed so the cert.pem
>> of the gateway is not the same of the previous one, can it be also a
>> matter?
>>
>>
>
> The cert.pem only matters on the machine making the SSL connection.
>
>
>> On 28/10/2018 04:54, trondd wrote:
>>> On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote:
>>>> Dear misc,
>>>>
>>>> I am getting an error saying "ssl verify memory setup failure"
>> whenever
>>>> I try to renew existing certificates on a host -- Openbsd 6.3,
>> httpd,
>>>> acme-client.
>>>> Recently there were changes in a few configurations, including
>> network,
>>>> name servers, etc.
>>>>
>>>> The below is all I get when I try command acme-clilent -vv
>> example.com:
>>>>
>>>> ..domain key
>>>> ..account key
>>>> ..cert ...days left
>>>> ..directory
>>>> ..DNS: (some ip)
>>>> (some ip):tls_connect_socket: acme-v01.api.letsencrypt.org, ssl
>> verify
>>>> memory setup failure
>>>> ..bad comm
>>>> bad exit...
>>>>
>>>> Could someone let me know what could cause the ssl verify memory
>> setup
>>>> failure, or if the memory setup failure could be some kind of common
>>>> error, such as something occurred by memory configuration, such as
>> in
>>>> login.conf?
>>>>
>>>> For your information, those worked before. Recently thinking about
>>>> hardware issues, especially for RAM.
>>>> Because I can't share detailed configurations, names, etc., I am
>>>> wondering if someone could kindly give some advice on the above
>>>> information.
>>>>
>>>> Any help and your time would be greatly appreciated indeed.
>>>>
>>>
>>> Did you modify certs.pem? I've run into this when accidentally
>> adding
>>> certs multiple times growing the file too big or writing a DOS
>> formatted
>>> cert to it.
>>>
No comments:
Post a Comment