
X.509 cert for openpgpkey.gnupg.org is expired
Closed, Resolved, Public

Description

It looks to me like the X.509 certificate that anchors
https://openpgpkey.gnupg.org/ expired on October 24th. This means that
WKD lookups to anyone @gnupg.org don't work.

dirmngr says:

DBG: chan_5 <- WKD_GET -- gnupg-devel@gnupg.org
DBG: dns: resolve_dns_name(openpgpkey.gnupg.org): Success
DBG: chan_5 -> S SOURCE https://openpgpkey.gnupg.org
DBG: Using TLS library: GNUTLS 3.6.9
DBG: http.c:connect_server: trying name='openpgpkey.gnupg.org' port=443
DBG: dns: resolve_dns_name(openpgpkey.gnupg.org): Success
DBG: http.c:1901:socket_new: object 0x00007f601c30fa70 for fd 6 created
TLS verification of peer failed: status=0x0402
TLS verification of peer failed: The certificate is NOT trusted. The certificate chain uses expired certificate.
DBG: expected hostname: openpgpkey.gnupg.org
DBG: BEGIN Certificate 'server[0]':
DBG:      serial: 0383B8C085F9EDBCA0412AF1F335992A0AF3
DBG:   notBefore: 2019-07-26 23:19:09
DBG:    notAfter: 2019-10-24 23:19:09
DBG:      issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
DBG:     subject: CN=openpgpkey.gnupg.org
DBG:         aka: (8:dns-name20:openpgpkey.gnupg.org)
DBG:   hash algo: 1.2.840.113549.1.1.11
DBG:   SHA1 fingerprint: 20D5B259561D3E12CD4514CBB69053BF87161D14
DBG: END Certificate
DBG: BEGIN Certificate 'server[1]':
DBG:      serial: 0A0141420000015385736A0B85ECA708
DBG:   notBefore: 2016-03-17 16:40:46
DBG:    notAfter: 2021-03-17 16:40:46
DBG:      issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
DBG:     subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
DBG:   hash algo: 1.2.840.113549.1.1.11
DBG:   SHA1 fingerprint: E6A3B45B062D509B3382282D196EFE97D5956CCB
DBG: END Certificate
TLS connection authentication failed: General error
error connecting to 'https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/pofy55tsrdojuaf5rysodeo5p76qcgyg?l=gnupg-devel': General error
command 'WKD_GET' failed: General error <Unspecified source>
DBG: chan_5 -> ERR 1 General error <Unspecified source>
DBG: chan_5 <- BYE

Event Timeline

werner claimed this task.
werner edited projects, added gpgweb; removed wkd.
werner added a subscriber: werner.

Dehydrated problem after the last server update: https://github.com/FlorentCoppint/dehydrated/commit/aed6f4ba06858c926042b95f1cef4a7a681ddf88

I did a quick fix. Thanks for noting.
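
To catch this kind of failure from dirmngr debug output, the following added example (not part of the original report or of GnuPG) parses the certificate blocks that dirmngr logs and classifies each certificate's validity at a given time. The function names, the 30-day warning threshold, and the treatment of the logged timestamps as UTC are assumptions; the sample input is an excerpt of the log quoted in the description.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the dirmngr debug output quoted in the report (timestamps assumed UTC).
SAMPLE_LOG = """\
DBG: BEGIN Certificate 'server[0]':
DBG:   notBefore: 2019-07-26 23:19:09
DBG:    notAfter: 2019-10-24 23:19:09
DBG:     subject: CN=openpgpkey.gnupg.org
DBG: END Certificate
DBG: BEGIN Certificate 'server[1]':
DBG:   notBefore: 2016-03-17 16:40:46
DBG:    notAfter: 2021-03-17 16:40:46
DBG:     subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
DBG: END Certificate
"""

BEGIN = re.compile(r"^DBG: BEGIN Certificate '([^']+)':")
FIELD = re.compile(r"^DBG:\s+(notBefore|notAfter|subject):\s+(.*)$")
TS = "%Y-%m-%d %H:%M:%S"

def parse_chain(log):
    """Return one dict per certificate block found in dirmngr debug output."""
    certs, cur = [], None
    for line in log.splitlines():
        m = BEGIN.match(line)
        if m:
            cur = {"slot": m.group(1)}
        elif line.startswith("DBG: END Certificate") and cur is not None:
            certs.append(cur)
            cur = None
        elif cur is not None:
            f = FIELD.match(line)
            if f:
                key, val = f.groups()
                cur[key] = val if key == "subject" else datetime.strptime(val, TS)
    return certs

def classify(cert, now, warn=timedelta(days=30)):
    """Classify validity at `now`; `warn` is an assumed renewal threshold."""
    if "notBefore" not in cert or "notAfter" not in cert:
        return "incomplete"
    if now < cert["notBefore"]:
        return "not-yet-valid"
    if now > cert["notAfter"]:
        return "expired"
    return "expiring-soon" if cert["notAfter"] - now <= warn else "ok"

def report(log, now):
    return [(c["slot"], c.get("subject"), classify(c, now)) for c in parse_chain(log)]
```

Running `report()` periodically with a time a few weeks ahead of the current one flags a stalled renewal before clients start failing WKD lookups.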