error: SSL handshake failed

noplan

unbound-control -c /var/unbound/unbound.conf status
results in -->

error: SSL handshake failed
34391444536:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269:

not able to fix it myself / head against the tree ;)

in unbound.conf uncommented the following:
/usr/local/etc/unbound/unbound.conf

#unbound server key file.
server-key-file: "/usr/local/etc/unbound/unbound_server.key"

    # unbound server certificate file.
     server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"

    # unbound-control key file.
    control-key-file: "/usr/local/etc/unbound/unbound_control.key"

    # unbound-control certificate file.
     control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

after that reload and restart ... same error

DNS Forwarder enabled
DNSSEC disabled
NICs LAN and localhost
no Custom Options set

Any Ideas ...

after deleting these in
/var/unbound

dnsbl_cert.pem
unbound_control.key
unbound_control.pem
unbound_server.key
unbound_server.pem

and restartet the box (baby)

no error ! :)

after activating pfB & DNSBL

grep 'DNSBL update' /var/log/pfblockerng/pfblockerng.log | tail -1

DNSBL update [ 183054 | PASSED ]... completed

I hope i fixed this !
sometimes puttin your headphones on helps !
"cat stevens and chris & chris cornell "

best regards in advanced !
on 2.4.4-RELEASE-p1
nP

bulletjie

This worked for me too. Thanks for sharing your solution!

Calin

Worked for me too, thanks.
pfsense 2.4.5-RELEASE-p1.

Gertjan

The file

/usr/local/etc/unbound/unbound.conf

isn't used by any process neither unbound. It's there for historical show-case reasons - and eating some disk space.
Changing that file, or even deleting it won't make any difference.

@calin said in error: SSL handshake failed:

Worked for me too, thanks.

so, what worked for you ?

Btw : I guess this is/was also valid for 2.4.4-p1 - many years ago.