Thank you for your donation!


Cloudsmith graciously provides open-source package management and distribution for our project.


Solved: Radio Paradise - server certificate verification failed.
#1
Hi,

suddenly Radio Paradise will not play anymore...


Code:
pi@moode-WZ:/var/log/mpd $ cat log
Oct 01 22:06 : exception: nested: CURL failed: server certificate verification failed. CAfile: none CRLfile: none
Oct 01 22:06 : player: played "https://stream.radioparadise.com/aac-320"


Moode 6.7.1

Tried:
Code:
pi@moode-WZ:/var/log $ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
No success, which was not surprising according to the message.

Any further ideas?

Thx and
Regards
Jörg
Reply
#2
Does the certificate trace back to Lets Encrypt? Widespread chaos on the InterWeb™ due to this: fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/

Regards,
Kent
Reply
#3
Ouch!
Enjoy the Music!
moodeaudio.org | Mastodon Feed | GitHub
Reply
#4
Hi,

All three Radio Paradise streams are playing fine for me.

Regards.
Reply
#5
(10-01-2021, 09:22 PM)Phil323UK Wrote: Hi,

All three Radio Paradise streams are playing fine for me.

Regards.

Works for me too.
When I check the DST root cert..
.
cd /etc/ssl/certs
ls -l DST*
lrwxrwxrwx 1 root root 53 Dec 2 2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

If your version is older, you might need to update ca-certificates.

sudo apt update
sudo apt install ca-certificates

Cheers,

Phil

Reply
#6
(10-02-2021, 08:57 AM)philrandal Wrote:
(10-01-2021, 09:22 PM)Phil323UK Wrote: Hi,

All three Radio Paradise streams are playing fine for me.

Regards.

Works for me too.
When I check the DST root cert..
.
cd /etc/ssl/certs
ls -l  DST*
lrwxrwxrwx 1 root root 53 Dec  2  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

If your version is older, you might need to update ca-certificates.

sudo apt update
sudo apt install ca-certificates

Cheers,

Phil
Thx Phil.

Checked the DST root cert:

Code:
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Seems to be an older one in my Moode 6.7.1

Did then the apt update / apt install ca-certificates which seemed to work, but:

Code:
pi@moode-WZ:/etc/ssl/certs $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages will be upgraded:
 ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 234 not upgraded.
Need to get 166 kB of archives.
After this operation, 21.5 kB of additional disk space will be used.
Get:1 http://ftp.gwdg.de/pub/linux/debian/raspbian/raspbian buster/main armhf ca-certificates all 20200601~deb10u2 [166 kB]
Fetched 166 kB in 1s (315 kB/s)    
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 64087 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20200601~deb10u2_all.deb ...
Unpacking ca-certificates (20200601~deb10u2) over (20200601~deb10u1) ...
Setting up ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Obviously no newer version of the DST root cert. RP still returning the same error message after reboot.

Huh 

Thx and
Regards
Jörg
Reply
#7
(10-02-2021, 04:24 PM)Kikaha Wrote:
(10-02-2021, 08:57 AM)philrandal Wrote:
(10-01-2021, 09:22 PM)Phil323UK Wrote: Hi,

All three Radio Paradise streams are playing fine for me.

Regards.

Works for me too.
When I check the DST root cert..
.
cd /etc/ssl/certs
ls -l  DST*
lrwxrwxrwx 1 root root 53 Dec  2  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

If your version is older, you might need to update ca-certificates.

sudo apt update
sudo apt install ca-certificates

Cheers,

Phil
Thx Phil.

Checked the DST root cert:

Code:
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Seems to be an older one in my Moode 6.7.1

Did then the apt update / apt install ca-certificates which seemed to work, but:

Code:
pi@moode-WZ:/etc/ssl/certs $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages will be upgraded:
 ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 234 not upgraded.
Need to get 166 kB of archives.
After this operation, 21.5 kB of additional disk space will be used.
Get:1 http://ftp.gwdg.de/pub/linux/debian/raspbian/raspbian buster/main armhf ca-certificates all 20200601~deb10u2 [166 kB]
Fetched 166 kB in 1s (315 kB/s)    
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 64087 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20200601~deb10u2_all.deb ...
Unpacking ca-certificates (20200601~deb10u2) over (20200601~deb10u1) ...
Setting up ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Obviously no newer version of the DST root cert. RP still returning the same error message after reboot.

Huh 

Thx and

Not sure what to suggest other than taking the plunge and moving to Moode 7.4.0.

Radio Paradise does use a Let's Encrypt certificate so it is probably related to the root certificate problem.

Maybe openssl needs updating,  or something else, or the old cert needs manually removing.

I don't have a copy of Moode 6.7.1 to play with, nor the spare time, alas.

The only other thing I can suggest is checking the Let's Encrypt forums.

Phil

Reply
#8
(10-02-2021, 06:37 PM)philrandal Wrote:
(10-02-2021, 04:24 PM)Kikaha Wrote:
(10-02-2021, 08:57 AM)philrandal Wrote:
(10-01-2021, 09:22 PM)Phil323UK Wrote: Hi,

All three Radio Paradise streams are playing fine for me.

Regards.

Works for me too.
When I check the DST root cert..
.
cd /etc/ssl/certs
ls -l  DST*
lrwxrwxrwx 1 root root 53 Dec  2  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

If your version is older, you might need to update ca-certificates.

sudo apt update
sudo apt install ca-certificates

Cheers,

Phil
Thx Phil.

Checked the DST root cert:

Code:
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Seems to be an older one in my Moode 6.7.1

Did then the apt update / apt install ca-certificates which seemed to work, but:

Code:
pi@moode-WZ:/etc/ssl/certs $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages will be upgraded:
 ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 234 not upgraded.
Need to get 166 kB of archives.
After this operation, 21.5 kB of additional disk space will be used.
Get:1 http://ftp.gwdg.de/pub/linux/debian/raspbian/raspbian buster/main armhf ca-certificates all 20200601~deb10u2 [166 kB]
Fetched 166 kB in 1s (315 kB/s)    
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 64087 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20200601~deb10u2_all.deb ...
Unpacking ca-certificates (20200601~deb10u2) over (20200601~deb10u1) ...
Setting up ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Obviously no newer version of the DST root cert. RP still returning the same error message after reboot.

Huh 

Thx and

Not sure what to suggest other than taking the plunge and moving to Moode 7.4.0.

Radio Paradise does use a Let's Encrypt certificate so it is probably related to the root certificate problem.

Maybe openssl needs updating,  or something else, or the old cert needs manually removing.

I don't have a copy of Moode 6.7.1 to play with, nor the spare time, alas.

The only other thing I can suggest is checking the Let's Encrypt forums.

Phil

Try this:


Code:
sudo nano /etc/ca-certificates.conf

cursor down to


Code:
mozilla/DST_Root_CA_X3.crt


and change that line to


Code:
!mozilla/DST_Root_CA_X3.crt


Save and exit.

Then

Code:
sudo update-ca-certificates

Cheers,

Phil

Reply
#9
(10-02-2021, 07:18 PM)philrandal Wrote:
(10-02-2021, 06:37 PM)philrandal Wrote:
(10-02-2021, 04:24 PM)Kikaha Wrote:
(10-02-2021, 08:57 AM)philrandal Wrote:
(10-01-2021, 09:22 PM)Phil323UK Wrote: Hi,

All three Radio Paradise streams are playing fine for me.

Regards.

Works for me too.
When I check the DST root cert..
.
cd /etc/ssl/certs
ls -l  DST*
lrwxrwxrwx 1 root root 53 Dec  2  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

If your version is older, you might need to update ca-certificates.

sudo apt update
sudo apt install ca-certificates

Cheers,

Phil
Thx Phil.

Checked the DST root cert:

Code:
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Seems to be an older one in my Moode 6.7.1

Did then the apt update / apt install ca-certificates which seemed to work, but:

Code:
pi@moode-WZ:/etc/ssl/certs $ sudo apt install ca-certificates
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages will be upgraded:
 ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 234 not upgraded.
Need to get 166 kB of archives.
After this operation, 21.5 kB of additional disk space will be used.
Get:1 http://ftp.gwdg.de/pub/linux/debian/raspbian/raspbian buster/main armhf ca-certificates all 20200601~deb10u2 [166 kB]
Fetched 166 kB in 1s (315 kB/s)    
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 64087 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20200601~deb10u2_all.deb ...
Unpacking ca-certificates (20200601~deb10u2) over (20200601~deb10u1) ...
Setting up ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
pi@moode-WZ:/etc/ssl/certs $ ls -l DST*
lrwxrwxrwx 1 root root 53 May 27  2020 DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
Obviously no newer version of the DST root cert. RP still returning the same error message after reboot.

Huh 

Thx and

Not sure what to suggest other than taking the plunge and moving to Moode 7.4.0.

Radio Paradise does use a Let's Encrypt certificate so it is probably related to the root certificate problem.

Maybe openssl needs updating,  or something else, or the old cert needs manually removing.

I don't have a copy of Moode 6.7.1 to play with, nor the spare time, alas.

The only other thing I can suggest is checking the Let's Encrypt forums.

Phil

Try this:


Code:
sudo nano /etc/ca-certificates.conf

cursor down to


Code:
mozilla/DST_Root_CA_X3.crt


and change that line to


Code:
!mozilla/DST_Root_CA_X3.crt


Save and exit.

Then

Code:
sudo update-ca-certificates

Cheers,

Phil

This did the trick. Thank you such much Phil.

RP ist one of my most favourite radio stations and constant part of my coming down routine every evening. Together with a shot of single malt... Wink 

Updating my 6.7.1 Moode to 7.4.1 is not really an option for me since my preferred point of access is the attached 7" "official" touch display. And I guess this memory leak issue with chromium is still an issue? I refer to this thread: https://moodeaudio.org/forum/showthread.php?tid=4079

Marked this thread as solved. Again many thanks and
Regards
Jörg
Reply
#10
Glad to have been of assistance.

There's a thread somewhere about using Firefox instead of Chromium to drive the display.

Cheers,

Phil

Reply


Forum Jump: