With new Let's Encrypt certificate, "Check For Update" failed. :: Support Forum

buri Donor
Joined:: 2016-05-28
Posts:: 3
Location:: Slovakia

With new Let's Encrypt certificate, "Check For Update" failed.

2016-05-28 14:23

Hi!

I tried to update WinSCP 5.8.2 beta (build 6284) via "Check For Updates" but winscp.net has new Let's Encrypt certificate, so, it's failed because of certification trust. (look attachment)

cert.png (32.58 KB)

Description: Error

Reply with quote E-mail

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,518
Location:: Prague, Czechia

Re: With new Let's Encrypt certificate, "Check For Update" failed.

2016-05-29

Thanks for your report.
Is it Windows 10? What build?

I cannot reproduce the problem.

Does your web browser (which one?) trust the new certificate? Try the Edge or Internet Explorer too.

Reply with quote

buri Donor
Joined:: 2016-05-28
Posts:: 3
Location:: Slovakia

Re: With new Let's Encrypt certificate, "Check For Update" failed.

2016-05-29 20:15

@martin: Windows 10 Pro, Version: 1511, OS Build: 10586.318 (I'm updating my OS).
Domain winscp.net in Google Chrome and Internet Explorer which use central "Trusted Root Certification Authorities" is trusted. (look attachment).
That is the weird thing...

certs.PNG (421.45 KB)

Reply with quote E-mail

martin◆ Site Admin

Re: With new Let's Encrypt certificate, "Check For Update" failed.

2016-05-30

Please try to connect to the https://winscp.net/, as if it were a WebDAV server and attach a Debug-2 level session log file.

Reply with quote

buri Donor
Joined:: 2016-05-28
Posts:: 3
Location:: Slovakia

Re: With new Let's Encrypt certificate, "Check For Update" failed.

2016-05-30 14:04

Log in attachment.
The main lines:

 2016-05-30 15:01:29.965 Doing SSL negotiation.
. 2016-05-30 15:01:30.169 ssl: Verify callback @ 1 => 20
. 2016-05-30 15:01:30.180 ssl: Verify failures |= 8 => 8
. 2016-05-30 15:01:30.214 Chain depth: 2
. 2016-05-30 15:01:30.225 ssl: Match common name 'winscp.net' against ''
. 2016-05-30 15:01:30.235 ssl: Match common name '<www.>winscp.net' against ''
. 2016-05-30 15:01:30.247 Identity match for '': [b]bad[/b]
. 2016-05-30 15:01:30.259 ssl: Match common name 'Let's Encrypt Authority X3' against ''
. 2016-05-30 15:01:30.269 Identity match for '': [b]bad[/b]
. 2016-05-30 15:01:30.280 ssl: Match common name 'winscp.net' against 'winscp.net'
. 2016-05-30 15:01:30.293 Identity match for 'winscp.net': [u]good[/u]
. 2016-05-30 15:01:30.304 Verifying certificate for "winscp.net" with fingerprint cf:11:88:6b:8e:27:f6:09:ea:01:ab:c5:71:df:cc:03:0a:f7:f1:13 and 08 failures
. 2016-05-30 15:01:30.316 Certificate for "winscp.net" matches cached fingerprint and failures
. 2016-05-30 15:01:30.328 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
. 2016-05-30 15:01:30.340 Request sent; retry is 0.