Bug#927435: upgrade-reports: Buster upgrade: had to re-create unbound certs/keys
Package: upgrade-reports
Severity: normal
After upgrading to buster, unbound-control would fail to run with this error..
error: Error setting up SSL_CTX client cert
139765110753216:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:
To fix this I had to regenerate the certs and keys by removing the old ones and
running unbound-control-setup, then restarting unbound. This fixed the issue.
$ cd /etc/unbound/
$ sudo rm *.key *.pem
$ sudo unbound-control-setup
$ sudo systemctl restart unbound
Note that with unbound-control broken, that broke `systemctl reload unbound` as
it depends on unbound-control.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
John Eikenberry
[ jae@zhar.net - http://zhar.net ]
________________________________________________________________________
"Perfection is attained, not when no more can be added, but when no more
can be removed." -- Antoine de Saint-Exupery
Reply to: