Article <slrnvub8cg.pnm9.rayban@raybanana.net>

Deutsch English Français Italiano
<slrnvub8cg.pnm9.rayban@raybanana.net>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!raybanana.dont-email.me!.POSTED!not-for-mail
From: Ray Banana <rayban@raybanana.net>
Newsgroups: news.admin.peering,news.software.nntp
Subject: Enabling SSL for NNRPD (was: Looking for peering and help)
Followup-To: news.software.nntp
Date: Thu, 27 Mar 2025 19:05:52 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 35
Message-ID: <slrnvub8cg.pnm9.rayban@raybanana.net>
References: <m4gc9fF147oU1@mid.individual.net>
 <m4gg0iF1mhqU1@mid.individual.net> <8mv7rvhfpt.fsf@raybanana.net>
 <m4lb9kFdp4hU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 27 Mar 2025 20:05:53 +0100 (CET)
Injection-Info: raybanana.dont-email.me; posting-host="434176d4ced1ab8d25ba15fb825db828";
	logging-data="977402"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18dehM1oJ1g9wQK+fYmjZwD6QtAgcBt/Vs="
User-Agent: slrn/pre1.0.4-9 (Linux)
Cancel-Lock: sha1:Kiwz5b2QW3SpYGIgmrPy37HdZq8=
Bytes: 2423

[crosspost and followup-to to news.software.nntp]

* Gabx wrote:
> I have commented out everything that concernes tls but i still get:
>
>> 20 [16:51:14] gabriel1@xnibiru25: ~  $ nc news.tcpreset.net 119
>> 400 Error initializing TLS
>
>> Mar 27 15:52:34 news nnrpd[581321]: unable to get certificate from '/etc/news/cert.pem'
>> Mar 27 15:52:34 news nnrpd[581321]: error initializing TLS: [CA_file: ] [CA_path: /etc/news] [cert_file: /etc/news/cert.pem] [key_file: /etc/news/key.pem]
>
> As you see:
>
>> root@news:/etc/news/ssl# grep cert.pem -R /etc/news/
>> /etc/news/inn.conf:#tlscertfile:                /etc/news/ssl/cert.pe
>
> tls directive is commented out.

When nnrpd is started by innd, it should only use SSL when a client explicitly
requests encryption via STARTTLS, so I wonder how your nnrpd is actually started?

What is the output from the following command:

netstat -tulpen | grep :119

Just because you mention Letsencrypt in your parallel posting in n.s.nntp:

What does ls -l /etc/news/*.pem display`?

And finally: What is your operating system (distibution)? Did you install 
INN from the package supplied by your distribution?    

-- 
Пу́тін — хуйло́
https://www.eternal-september.org