Following the weekly cron job that rotates the logs (although that does actually coincide with a daily cron, so the issue could have been with that), I’m now seeing a failure every time nethserver-blacklist/download runs, every 20 minutes.
Extracting out the failing command, and turning on debug, I see this:
According to an online search (and SSL Labs analysis), the error might be related to an incomplete certificate chain. Don’t know if it’s a Let’s Encrypt change or something else. Not right up my alley.
Interesting, as I haven’t touched anything to do with certificates. I’m using the certificate chain as constructed by LetsEncrypt/NethServer, which has been working for over 1,000 days now, as the logs are wrapping.
OK, it’s one of the issues with certificate renewal I reported back in November 2016 and August 2017, both reported here.
I had “hacked” my copy of /usr/libexec/nethserver/letsencrypt-certs to work in (what I think is) all conditions. It looks like this was replaced fairly recently, for the first time in (obviously) over 2 years, so when LetsEncrypt renewed my certificate on January 25th, it wasn’t applied to my system.
It looks like the latest update fixes the mixed case issue, but not the one with the “pki/LetsEncryptDomains” property order. The fix I suggested in that report is my “hack”.