I just installed 22.03.3 on an RT-AX53U (Asus). I'm trying to fetch a Let's Encrypt cert via DNS challenge.
It seems this is failing due to OpenWrt not recognizing a valid Let's Encrypt certificate. When I manually curl against the API URL of the PowerDNS server, it says:
root@ax1800:~# curl https://mypowerdnsapi.server.com
curl: (35) ssl_handshake returned - mbedTLS: (-0x7780) SSL - A fatal alert message was received from our peer
I cross-checked by curling a regular web server that I know uses Let's Encrypt certs. This also fails with the same error.
Yes, the date is fine. I found out that all my OpenWrt devices seem to have a problem curling against Let's Encrypt HTTPS sites. What package contains all the CA certs?
ca-bundle was already installed; ca-certificates was not. Even after installing it, curl against https://libcom.de throws an error, while against another Let's Encrypt site like https://relaix.net it does not.
It seems like this mbedTLS doesn't support the ciphers I'm offering at my nginx reverse proxy, which is somewhat weird because I optimized them for being as secure as possible.