It's been a major annoyance that, while I've been able to use certbot (Let's Encrypt) for my webserver certificates, and they work in most browsers, they haven't been working with openssl s_client or curl. So I finally did a lot of googling... there is lots of useless info out there on this.

What I finally ended up doing is googling the hash of the file that shows up in the strace -o/tmp/curl.log -f curl https://jcomeau.com, which is /etc/ssl/certs/4f06f81d.0. The cert I googled up is at github.com. First I verified it with openssl x509 -in letsencrypt.pem -text, then placed it into /etc/ssl/certs, then ran sudo c_rehash, which rebuilt the symlinks to hashes. finally now I can use curl.

Back to blog or home page

last updated 2020-04-07 20:14:41. served from tektonic.jcomeau.com