OpenWRT package repository cert has expired [NOTABUG]

$ date
Mon Nov 20 11:55:28 PM CST 2023
$ openssl s_client -connect downloads.openwrt.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
**depth=0 CN = *.mytrafficmanagement.com**
**verify error:num=10:certificate has expired**
**notAfter=Nov  8 23:39:32 2023 GMT**
verify return:1
depth=0 CN = *.mytrafficmanagement.com
notAfter=Nov  8 23:39:32 2023 GMT
verify return:1
---
Certificate chain
 0 s:CN = *.mytrafficmanagement.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 10 23:39:33 2023 GMT; NotAfter: Nov  8 23:39:32 2023 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
(snipped)

This is causing opkg to refuse to connect for package updates. I searched the forum and didn't find any other topics which left me a little surprised as the cert expired almost two weeks ago. Using '--no-check-certificate' allows opkg to download package metadata.

downloads.openwrt.org not downloads.openwrt.com

1 Like

Wrong domain... openwrt. com

The correct one is openwrt.org

1 Like

Haha... Wow. Poor troubleshooting on my part.

I was getting a "5" return code from wget inside of opkg. It may have been that the device time was not synced. It is not a problem now.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.