Hi,
For a few days now, I have had some podcasts that were working perfectly that can no longer be played because the certificate is not validated.
It seems that one of the certificates changed 4 days ago and that gnutls is not handling it properly.
Here is the check on the SSL certificate for one of the affected URLs:
https://www.sslshopper.com/ssl-checker.html#hostname=https://rf.proxycast.org/2bac8238-7f93-4283-8ddc-2f330874d720/20108-05.05.2020-ITEMA_22334674-3-1779455909.m4a
Related post that explains the issue:
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
So I think some updates are needed on Volumio to handle this; otherwise we will have to wait for all servers using this certificate to hopefully fix it.
Cheers,
Pierre.
Good find…
This should do the trick (for now! And as usual caveat emptor)
#!/usr/bin/env bash
# Patch certificates
# https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

# Editing /etc/ca-certificates.conf requires root
if [[ "$EUID" -ne 0 ]]; then
    echo "Please rerun as root"
    exit 1
fi

if [[ -f /etc/ca-certificates.conf ]]; then
    # Comment out the expired AddTrust root so it is no longer selected
    sed -i "s|^mozilla/AddTrust_External_Root.crt$|# Disabling for now to fix Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020\n# mozilla/AddTrust_External_Root.crt|" /etc/ca-certificates.conf
    # Regenerate the system trust store from the edited list
    update-ca-certificates
fi
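Added example, not part of the original post: the same change made with the `!` deselect marker that the header of /etc/ca-certificates.conf documents (and that `dpkg-reconfigure ca-certificates` writes), as an idempotent function that reports the entry's state first and keeps a backup. The function names and the `.pre-addtrust` backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Works on any ca-certificates.conf-style file.
ENTRY='mozilla/AddTrust_External_Root.crt'      # entry name from the script above
ENTRY_RE='mozilla/AddTrust_External_Root\.crt'  # same name, escaped for use as a regex

# Print how the AddTrust root is listed: enabled, deselected, commented or absent.
addtrust_state() {
    if grep -qxF "$ENTRY" "$1"; then echo enabled
    elif grep -qxF "!$ENTRY" "$1"; then echo deselected
    elif grep -qE "^#[[:space:]]*$ENTRY_RE\$" "$1"; then echo commented
    else echo absent
    fi
}

# Switch the entry to the "!" (deselected) form. Idempotent; the first change
# leaves a backup beside the file. Returns 1 if the entry is not listed at all.
deselect_addtrust() {
    case "$(addtrust_state "$1")" in
        deselected) return 0 ;;
        absent)     return 1 ;;
    esac
    [ -e "$1.pre-addtrust" ] || cp -p "$1" "$1.pre-addtrust"
    sed -i -E "s|^(#[[:space:]]*)?$ENTRY_RE\$|!$ENTRY|" "$1"
}

# Acts only when a config path is given, e.g.:
#   sudo sh deselect-addtrust.sh /etc/ca-certificates.conf
if [ "$#" -ge 1 ]; then
    echo "before: $(addtrust_state "$1")"
    deselect_addtrust "$1" || { echo "AddTrust root not listed in $1" >&2; exit 1; }
    echo "after:  $(addtrust_state "$1")"
    # Rebuild the trust store only when the real system file was edited.
    if [ "$1" = /etc/ca-certificates.conf ]; then update-ca-certificates; fi
fi
```

Running it on a copy of the file first shows the before/after state without touching the system trust store.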
I think this is not a good idea: any manual intervention will prevent updates from applying correctly.
I also have some issues with this web radio:
https://nr4.newradio.it/proxy/marcroma?mp=/stream&1591189448327
It used to work until a few days ago; now I get some certificate errors when trying to play it.
I would agree but I did the change in /etc/ca-certificates.conf anyway.
Difficult to negotiate with 4- and 6-year-old children who want their favorite podcast.