Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: With new Let's Encrypt certificate, "Check For Update" failed.

I have sent you an email with a debug version of WinSCP to the address you have used to register on this forum.
buri

Re: With new Let's Encrypt certificate, "Check For Update" failed.

martin wrote:

Please try to connect to the https://winscp.net/, as if it were a WebDAV server and attach a Debug-2 level session log file.


Log in attachment.
The main lines:
2016-05-30 15:01:29.965 Doing SSL negotiation.
. 2016-05-30 15:01:30.169 ssl: Verify callback @ 1 => 20
. 2016-05-30 15:01:30.180 ssl: Verify failures |= 8 => 8
. 2016-05-30 15:01:30.214 Chain depth: 2
. 2016-05-30 15:01:30.225 ssl: Match common name 'winscp.net' against ''
. 2016-05-30 15:01:30.235 ssl: Match common name '<www.>winscp.net' against ''
. 2016-05-30 15:01:30.247 Identity match for '': bad
. 2016-05-30 15:01:30.259 ssl: Match common name 'Let's Encrypt Authority X3' against ''
. 2016-05-30 15:01:30.269 Identity match for '': bad
. 2016-05-30 15:01:30.280 ssl: Match common name 'winscp.net' against 'winscp.net'
. 2016-05-30 15:01:30.293 Identity match for 'winscp.net': good
. 2016-05-30 15:01:30.304 Verifying certificate for "winscp.net" with fingerprint cf:11:88:6b:8e:27:f6:09:ea:01:ab:c5:71:df:cc:03:0a:f7:f1:13 and 08 failures
. 2016-05-30 15:01:30.316 Certificate for "winscp.net" matches cached fingerprint and failures
. 2016-05-30 15:01:30.328 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
. 2016-05-30 15:01:30.340 Request sent; retry is 0.
martin

Re: With new Let's Encrypt certificate, "Check For Update" failed.

Please try to connect to the https://winscp.net/, as if it were a WebDAV server and attach a Debug-2 level session log file.
buri

Re: With new Let's Encrypt certificate, "Check For Update" failed.

martin wrote:

Thanks for your report.
Is it Windows 10? What build?

I cannot reproduce the problem.

Does your web browser (which one?) trust the new certificate? Try the Edge or Internet Explorer too.


Windows 10 Pro, Version: 1511, OS Build: 10586.318 (I'm updating my OS).
Domain winscp.net in Google Chrome and Internet Explorer which use central "Trusted Root Certification Authorities" is trusted. (look attachment).
That is the weird thing...
martin

Re: With new Let's Encrypt certificate, "Check For Update" failed.

Thanks for your report.
Is it Windows 10? What build?

I cannot reproduce the problem.

Does your web browser (which one?) trust the new certificate? Try the Edge or Internet Explorer too.
buri

With new Let's Encrypt certificate, "Check For Update" failed.

Hi!

I tried to update WinSCP 5.8.2 beta (build 6284) via "Check For Updates" but winscp.net has new Let's Encrypt certificate, so, it's failed because of certification trust. (look attachment)