SSL errors using the LimeLM APIAnswered

Hi, we're trying to use the LimeLM API to generate or update keys and are getting SSL errors - from curl:

SSL peer certificate or SSH remote key was not OK: [wyday.com] SSL certificate problem: unable to get local issuer certificate

Is there any information you can provide about this or anything we can try to resolve this?

👀 1

Hey probably having the same issue here!
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://wyday.com/limelm/api/rest/

CURLE_PEER_FAILED_VERIFICATION (60)

The remote server's SSL certificate or SSH fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.

Is there anything we need to do on our end?
If this is in your hands, any estimates on when this issue will be resolved?

Looks like my other response was removed (it did have a pretty long chunk of command output) but I wanted to note that this is pretty easily testable via openssl :

openssl s_client -showcerts -connect wyday.com:443

which clearly shows the errors in the certificate chain:

depth=0 CN=wyday.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=wyday.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=wyday.com
verify return:1
Answer

We've fixed this.

Our servers were sending the wrong intermediate certificate (that Curl doesn't handle). This was an error on our part (due to configuration change in the cert issuer).

We're updating our TLS renewal code to make it more robust (and handle intermediate changes automatically).

👍 1

Excellent, thank you very much! Everything seems to be working now.

thanks for quickly fixing this