OpenVPN with Let's Encrypt certificate
Posted: Mon Nov 27, 2017 12:43 pm
While I am trying to connect to the server it disconnects midway stating that it cannot find the certificate of the Server. I am using a Let's Encrypt CA which issues certificate from an Intermediate CA. Is there a workaround or solution for this. My log file is as below
Nov 26 19:02:55: State changed to Connecting
Nov 26 19:02:55: Viscosity Windows 1.7.5 (1530)
Nov 26 19:02:55: Running on Microsoft Windows 10 Pro
Nov 26 19:02:55: Running on .NET Framework Version 4.7.02556.461308
Nov 26 19:02:55: Bringing up interface...
Nov 26 19:02:56: Checking reachability status of connection...
Nov 26 19:02:56: Connection is reachable. Starting connection attempt.
Nov 26 19:02:57: OpenVPN 2.4.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 27 2017
Nov 26 19:02:57: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Nov 26 19:03:07: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:07: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:07: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:07: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:07: State changed to Authenticating
Nov 26 19:03:07: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 26 19:03:08: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:08: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:08: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:08: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:08: TLS Error: TLS handshake failed
Nov 26 19:03:08: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:08: State changed to Connecting
Nov 26 19:03:18: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:18: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:18: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:18: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:18: State changed to Authenticating
Nov 26 19:03:18: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:18: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:18: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:18: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:18: TLS Error: TLS handshake failed
Nov 26 19:03:18: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:18: State changed to Connecting
Nov 26 19:03:29: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:29: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:29: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:29: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:29: State changed to Authenticating
Nov 26 19:03:29: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:29: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:29: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:29: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:29: TLS Error: TLS handshake failed
Nov 26 19:03:29: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:29: State changed to Connecting
Nov 26 19:03:34: State changed to Disconnecting
Nov 26 19:03:34: State changed to Disconnected
Nov 26 19:02:55: State changed to Connecting
Nov 26 19:02:55: Viscosity Windows 1.7.5 (1530)
Nov 26 19:02:55: Running on Microsoft Windows 10 Pro
Nov 26 19:02:55: Running on .NET Framework Version 4.7.02556.461308
Nov 26 19:02:55: Bringing up interface...
Nov 26 19:02:56: Checking reachability status of connection...
Nov 26 19:02:56: Connection is reachable. Starting connection attempt.
Nov 26 19:02:57: OpenVPN 2.4.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 27 2017
Nov 26 19:02:57: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Nov 26 19:03:07: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:07: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:07: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:07: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:07: State changed to Authenticating
Nov 26 19:03:07: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 26 19:03:08: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:08: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:08: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:08: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:08: TLS Error: TLS handshake failed
Nov 26 19:03:08: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:08: State changed to Connecting
Nov 26 19:03:18: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:18: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:18: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:18: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:18: State changed to Authenticating
Nov 26 19:03:18: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:18: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:18: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:18: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:18: TLS Error: TLS handshake failed
Nov 26 19:03:18: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:18: State changed to Connecting
Nov 26 19:03:29: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 26 19:03:29: TCP/UDP: Preserving recently used remote address: [AF_INET]99.11.68.146:1194
Nov 26 19:03:29: UDP link local (bound): [AF_INET][undef]:0
Nov 26 19:03:29: UDP link remote: [AF_INET]99.11.68.146:1194
Nov 26 19:03:29: State changed to Authenticating
Nov 26 19:03:29: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Nov 26 19:03:29: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Nov 26 19:03:29: TLS_ERROR: BIO read tls_read_plaintext error
Nov 26 19:03:29: TLS Error: TLS object -> incoming plaintext read error
Nov 26 19:03:29: TLS Error: TLS handshake failed
Nov 26 19:03:29: SIGUSR1[soft,tls-error] received, process restarting
Nov 26 19:03:29: State changed to Connecting
Nov 26 19:03:34: State changed to Disconnecting
Nov 26 19:03:34: State changed to Disconnected