[Gpg4win-users-en] "Certificate expired" still happens after GnuPG is updated to 2.2.32

Yasuhiro Kimura yasu at utahime.org
Wed Oct 20 18:11:52 CEST 2021 

From: Bernhard Reiter <bernhard at intevation.de>
Subject: Re: [Gpg4win-users-en] "Certificate expired" still happens after GnuPG is updated to 2.2.32
Date: Wed, 20 Oct 2021 10:13:54 +0200

> thanks for reporting that you are still having problems!
> And sorry for this, we need to find out more
> what is going in your situation in detail.
> 
> Things you can try or check:
>  * The service process "dirmngr" needs to be restartet after
>    the install. If that did not work, can you try to manually
>    restart it? [1]
> 
>  * Add a "--verbose" to the command line call and tell me, 
>    which keyserver you are using.
> 
>  * Add a "verbose" and a "log-file" to the dirmngr options.
>    Usually that file is at AppData\Roadmin\gnupg\dirmngr.conf . 
>    Use an editor like notepad to add something like
>      verbose
>      log-file c:\users\youruser\dirmngr-log.txt
>   to the end of dirmngr.conf and restart dirmngr [1].
> 
> This is the analysis step.
> Note one idea is that it maybe possible that your system storage (in windows)
> still needs to get the new Let's encrypt certificate.
> 
> [1] To restart dirmngr:
> Just stop the running dirmgnr, it will restart automatically
> when needed. You could ether
>  * use "gpgconf --kill dirmngr" on the command line  
>  * use the task manager -> Details to end dirmngr.
>  * restart the Windows operating system
> 
> Best Regards,
> Bernhard

At first I added "verbose" and a "log-file" to dirmngr.conf

----------------------------------------------------------------------
C:\Users\yasu>type AppData\Roaming\gnupg\dirmngr.conf
disable-ipv6
verbose
log-file C:\Users\yasu\Temp\dirmngr-log.txt

C:\Users\yasu>
----------------------------------------------------------------------

'disable-ipv6' is necessary because my network is IPv4 only.

Then I stopped dirmngr with `gpgconf --kill dirmng`, executed
`gpg --verbose --search-keys gmail.com` and got following result.

----------------------------------------------------------------------
C:\Users\yasu>gpg --verbose --search-keys gmail.com
gpg: no running Dirmngr - starting 'C:\Program Files (x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: waiting for the dirmngr to come up ... (4s)
gpg: waiting for the dirmngr to come up ... (3s)
gpg: waiting for the dirmngr to come up ... (2s)
gpg: connection to dirmngr established
gpg: error searching keyserver: Certificate expired
gpg: keyserver search failed: Certificate expired

C:\Users\yasu>
----------------------------------------------------------------------

And following log messages are written to
C:\Users\yasu\Temp\dirmngr-log.txt.

----------------------------------------------------------------------
C:\Users\yasu>type C:\Users\yasu\Temp\dirmngr-log.txt
2021-10-21 01:07:08 dirmngr[19204] listening on socket 'C:\Users\yasu\AppData\Local\gnupg\S.dirmngr'
2021-10-21 01:07:08 dirmngr[19204] permanently loaded certificates: 96
2021-10-21 01:07:08 dirmngr[19204]     runtime cached certificates: 0
2021-10-21 01:07:08 dirmngr[19204]            trusted certificates: 96 (96,0,0,0)
2021-10-21 01:07:09 dirmngr[19204] handler for fd 692 started
2021-10-21 01:07:09 dirmngr[19204] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
2021-10-21 01:07:09 dirmngr[19204] resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
2021-10-21 01:07:09 dirmngr[19204] detected interfaces: IPv4
2021-10-21 01:07:10 dirmngr[19204] certificate already cached
2021-10-21 01:07:10 dirmngr[19204] certificate cached
2021-10-21 01:07:10 dirmngr[19204] Note: non-critical certificate policy not allowed
2021-10-21 01:07:10 dirmngr[19204] certificate is good
2021-10-21 01:07:10 dirmngr[19204] certificate has expired
2021-10-21 01:07:10 dirmngr[19204] (expired at 2021-09-29 19:21:40)
2021-10-21 01:07:10 dirmngr[19204] Note: non-critical certificate policy not allowed
2021-10-21 01:07:10 dirmngr[19204] certificate is good
2021-10-21 01:07:10 dirmngr[19204] certificate has expired
2021-10-21 01:07:10 dirmngr[19204] (expired at 2021-09-30 14:01:15)
2021-10-21 01:07:10 dirmngr[19204] root certificate is good and trusted
2021-10-21 01:07:10 dirmngr[19204] target certificate is NOT valid
2021-10-21 01:07:10 dirmngr[19204] TLS handshake failed: Certificate expired <Dirmngr>
2021-10-21 01:07:10 dirmngr[19204] error connecting to 'https://162.213.33.8:443': Certificate expired
2021-10-21 01:07:10 dirmngr[19204] command 'KS_SEARCH' failed: Certificate expired
2021-10-21 01:07:10 dirmngr[19204] handler for fd 692 terminated

C:\Users\yasu>
----------------------------------------------------------------------

---
Yasuhiro Kimura

More information about the Gpg4win-users-en mailing list