Join Log in
Score:0
user1247196 avatar Server

SLES 12 SP1 expired letsencrypt X3 root ca certificate

tw flag
user1247196

I'm working with SLES 12 SP1.

When running

zypper addrepo https://download.opensuse.org/repositories/openSUSE:Factory/standard/openSUSE:Factory.repo

I get the following error

Download (curl) error for 'https://download.opensuse.org/repositories/openSUSE:Factory/standard/openSUSE:Factory.repo':
Error code: Unrecognized error
Error message: SSL certificate problem: unable to get local issuer certificate

Debugging with

openssl s_client -showcerts -connect download.opensuse.org:443 -debug -servername download.opensuse.org

I see the following

...

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:0

...

---
Certificate chain
 0 s:/CN=opensuse.org
   i:/C=US/O=Let's Encrypt/CN=R3
-----BEGIN CERTIFICATE-----
MIIGLjCCBRagAwIBAgISBBr/nmQ4pBnrdeCoF3H6OLSlMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAzMTEwMDA4NDVaFw0yMzA2MDkwMDA4NDRaMBcxFTATBgNVBAMT
DG9wZW5zdXNlLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANQ2
vf/c2+lTn5nqN1H4sIu/rks9D5HJp6UnIlE3dj7WnRHjq7PBETUxgyXtDfdPLXnB
p/KXjeqGoW/W1GJaFxZTuHBlToRNxIp/qWIVVkaeatZHAigJT5+PpGTsVjM3oex5
bR97Ab7shOACcbHMVQ7CBP+bqLtXYFfJfjUmwvPI2hTbMrmOCZe5fZV2AskNnpW+
is6ag4rEGvDKyiQWVbOX87ZraKWWIeaaBo2JJdAB35i56yMLkNGAA4d9mSJKPDjX
BsFx2ZLQLqM+WGnG6UIPrq7/hdwHp70/mafvSAJPRRwnA+D3zsE42Q8dUDZPvUTh
IBEBb3w6ifA8JvopbtubUiCcmL/D4TAHrZ/VWoCDaXgiY5cEifKsyPtqiHa0jXdh
TLOczgLl7ek/qYhlZ30tBJGLUXPhI6s+rZoD15R1/rd+432lXjviJsHM5Rb+BuMW
GSMIY2frTwFCkr3PPtsDxr1LIAVG0Wh/MMG6Wgj7bsccsKz8oeBsYf2DxcoA3Pz6
r+4/jJIC7gLK4ddIEAw/oocF+OV41Bq+VvFfQjmJiAEoKzRpboxVcVdsfg2uFIYb
trIL51RTlXcQ/l98US96mcnKOeEhUTQGE1I/qEZo2iRjQEbgHRjsz7Pc67K42Nxb
0nbQJfdvUVAFlREbh0Iu6TidipAd72q8UXy9Dkz/AgMBAAGjggJXMIICUzAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
EwEB/wQCMAAwHQYDVR0OBBYEFAAFrQ2CmtMiqcPF4RP7KYUc85JQMB8GA1UdIwQY
MBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEF
BQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8v
cjMuaS5sZW5jci5vcmcvMCcGA1UdEQQgMB6CDioub3BlbnN1c2Uub3JnggxvcGVu
c3VzZS5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAm
BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEE
AdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20
mQAAAYbONolKAAAEAwBHMEUCIFBMFxie74eprciSTchf6bJ+RjlMHiPolQT/8kY7
GaWUAiEA2U+Th/YKunYXh8ERjZqi0LtFi5qquH2TE0y/DKtrrGUAdgDoPtDaPvUG
NTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYbONolCAAAEAwBHMEUCIQDJ193g
DohQe8eGvxuIF69VAGR36TTw99kAeHGCZVO9oQIgFxclSzKwmFgz16wlJDlsJgLw
iKD68MGicO48rUwC/A8wDQYJKoZIhvcNAQELBQADggEBAC7uzxioInar7QFMiwXr
WqyO1vJdf9e0dICcPzx14BaZday9ps50dJZeCanRcUsVEsrK++Kan9yPzfazQsF7
KhRAWBajAjf1WtC+UddDcVwPe+VPyuzIP3yVuqqPgW5roSDuQiro9RpGpwIPIIQi
nHv1w986AgLLl12wkYqcsfoDpgw7zFqJZkUW6DWZPvk1xePPJq97B5DYyS2BM69J
NdQh0fJICglmQ/3gIUd9L9wx7VVzSYBSkVVAnf9gZkR9De07/CAT5I6cGkq9rFQW
95Jr8A6+9WBqx1RkYU8rwR2D5X/uiOKGMswDC6TPlWqJCBVKQdTbd15BZIy5HxOR
qo8=
-----END CERTIFICATE-----
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=opensuse.org
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
---
SSL handshake has read 5308 bytes and written 485 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 658EF2FD83D487DD3FE9BCB345550A490CE6693B8808F3BA4B1CB6879597E898
    Session-ID-ctx:
    Master-Key: 968B034D2679BDDFDBB90467572409C4016CC78F8947EE5C7AD02368A5AB864C3530491003A39D00D544C128D45BF28C
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - dd 67 ca b4 ec 1f ab 4e-6c f0 31 23 9f b3 07 c0   .g.....Nl.1#....
    0010 - c4 33 d7 8e 95 ce 43 23-26 17 bd 2b c2 25 37 78   .3....C#&..+.%7x
    0020 - 2f fd ba b8 f1 b2 7f 5d-d1 c6 19 66 95 3f 92 ab   /......]...f.?..
    0030 - 4a 4c 41 4b af 3b 75 b7-80 27 67 61 fa f3 e3 06   JLAK.;u..'ga....
    0040 - 81 9b cf c6 1b 3c 9f 0b-3b 51 d1 f8 67 13 4a 2c   .....<..;Q..g.J,
    0050 - 13 e6 cc 8b 34 e0 44 e4-0f 7e 7a 03 92 2c 52 07   ....4.D..~z..,R.
    0060 - e8 7d ed 7f 65 42 b0 6f-73 10 68 a2 f6 eb 45 9f   .}..eB.os.h...E.
    0070 - 8d eb e8 d7 90 2a 88 37-87 a2 48 91 70 36 e2 14   .....*.7..H.p6..
    0080 - f6 17 50 56 d6 0f c5 02-a6 09 88 2b d5 aa 4d d2   ..PV.......+..M.
    0090 - fe 8c 18 ad 5d 29 b6 ce-d3 eb a3 8e c4 72 ec 32   ....]).......r.2
    00a0 - 61 30 a9 60 ea d4 48 15-cf e5 b7 25 be 95 9f d5   a0.`..H....%....
    00b0 - a7 b0 17 c8 07 e4 7b 4e-df ee fa 8b f5 1e 7f a1   ......{N........
    00c0 - 11 da 92 d2 2b 6e 6a d2-60 ed ff 9f 2c a7 c7 d9   ....+nj.`...,...

    Start Time: 1680875176
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
...

How can I fix this certificate issue in order to be able to add the repo?

136
0 + 1
Ginnungagap avatar
gu flag
Ginnungagap
Is SLES up-to-date? It feels like its system trust store hasn't been updated in ages.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.