| Deutsch English Français Italiano |
|
<t82h0b$8cd$1@rasp.pasdenom.info> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder8.news.weretis.net!pasdenom.info!.POSTED.2a01:e0a:21:ea80:2bcd:1898:8c71:814c!not-for-mail
From: yamo' <yamo@beurdin.invalid>
Newsgroups: fr.comp.usenet.serveurs
Subject: Re: letsencrypt et INN2
Date: Sat, 11 Jun 2022 18:48:11 +0200
Organization: <https://pasdenom.info/news.html>
Message-ID: <t82h0b$8cd$1@rasp.pasdenom.info>
References: <t7tcqp$ls2$1@rasp.pasdenom.info>
<t7v2vq$gel$1@rasp.pasdenom.info> <t81j60$2d7ss$1@news.trigofacile.com>
Reply-To: yamo@groumpf.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 11 Jun 2022 16:48:11 -0000 (UTC)
Injection-Info: rasp.pasdenom.info; posting-account="stephane@usenet";
logging-data="8589"; mail-complaints-to="abuse@pasdenom.info"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0 SeaMonkey/2.53.12
Cancel-Lock: sha256:I7JQd0PGU8LOaEaGGS5qgy/avZvChdUhJRzK6eI1gYU=
In-Reply-To: <t81j60$2d7ss$1@news.trigofacile.com>
X-Face: 3KI0f?#fLTG@kKi{}=#:0_|0/Yj`]d3fD_\O0w{?AFf"Cw9|V~#Nd.Wks
Bytes: 3097
Lines: 56
Salut Julien,
Julien ÉLIE a tapoté le 11/06/2022 10:19:
> Ma conf dans le cli.ini et aussi renewal/news.trigofacile.com.conf :
>
> key-type = rsa
> rsa-key-size = 3072
C'est peut-être le "rsa-key-size" qui est le problème, je l'ai mis à
jour dans renewal mais je n'ai pas trouvé de cli.ini...
Et mon certbot doit-être d'une version différente de la tienne, j'ai la
version 1.28.0
> authenticator = standalone
Moi c'est apache.
> avec bien sûr la bonne adresse dans email.
Ici le champs a l'air haché.
> Il vaudrait mieux je pense utiliser une clef RSA. L'interopérabilité est
> actuellement meilleure avec une clef RSA que ECDSA.
Même en forçant le renewal, je suis toujours au message d'erreur :
flnews: TLS: RSA key modulus size: 2048 bit
flnews: TLS: Warning: RSA key modulus should be at least 3072 bit
C'est ce que j'ai :
flnews: TLS: OpenSSL library version: 1.1.1n (0x101010EF)
flnews: TLS: Protocol version TLSv1.3 available for negotiation
flnews: INET: Using IPv6 protocol
flnews: TLS: Workaround for OpenSSL 1.1.1: Ignore FFDHE group configuration
flnews: TLS: Warning: X.509 certificate revocation checks disabled by
configuration
flnews: TLS: Using SNI extension with: pasdenom.info
flnews: TLS: Failed to establish TLS connection
flnews: TLS: Error: wrong version number
flnews: NNTP: Failed to establish encryption layer
flnews: NNTP: Cannot connect to server
flnews: INET: Using IPv6 protocol
flnews: TLS: Workaround for OpenSSL 1.1.1: Ignore FFDHE group configuration
flnews: TLS: Warning: X.509 certificate revocation checks disabled by
configuration
flnews: TLS: Using SNI extension with: pasdenom.info
flnews: TLS: Failed to establish TLS connection
flnews: TLS: Error: wrong version number
flnews: NNTP: Failed to establish encryption layer
flnews: NNTP: Cannot connect to server
--
Stéphane