[SOLVED] unbound - SSL handshake error
-
Hello!
I seem to have a problem with unbound. I started a thread in the pfBlockerNG subforum, because that's where the error appeared to come from at first. Please have a look here.
So when I execute
unbound-control -c /var/unbound/unbound.conf status
I get this
error: SSL handshake failed 34386131464:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
Here's the unbound.conf
##########################
# Unbound Configuration
##########################

##
# Server configuration
##
server:

chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 512
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: no
msg-cache-size: 4m
rrset-cache-size: 8m
num-threads: 4
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
outgoing-range: 4096
#so-rcvbuf: 4m
prefetch: yes
prefetch-key: yes
use-caps-for-id: no

# Statistics
# Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::0
interface-automatic: yes

# Outgoing interfaces to be used
outgoing-interface: 87.79.65.190

# DNS Rebinding
# For DNS Rebinding prevention
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 169.254.0.0/16
private-address: 192.168.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Set private domains in case authoritative name server returns a Private IP address
private-domain: "somedomain.loc"
domain-insecure: "somedomain.loc"

# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# dhcp lease entries
include: /var/unbound/dhcpleases_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf

# Unbound custom options

###
# Remote Control Config
###
I am running 2.3.2-RELEASE (amd64) on SSD with RAM disks for /tmp and /var.
If need be the machine can be reinstalled, provided that I can reuse the config, but if someone does know what's wrong I'd like to try and fix it first.
Thanks!
-
Update: Had another look this morning, and the error is gone. I rebooted because of something else yesterday evening, and that seems to have done it. I thought that only works for Windows. Strange.