Simon Smith

its complaining it couldnt read the file `webserver-cert-public.crt` correctly it thinks the certificate is NOT RSA but maybe EDCSA? have you renewed your certificate at all? can you check what...

`ecdsa-with-SHA384` this is the problem, meshcentral doesnt support ecdsa yet it was renewed on `May 21 02:43:38 2025` do you use meshcentral to handle the SSL? because the `letsencrypt` section...

chances are the old certs where RSA and maybe cached in its memory, when it renewed, it was replaced with ECDSA, but meshcentral didnt reload properly, so still using old...

@thieneret can you also do the same thing please? verify with openssl what info the webserver cert is providing?

@ronald-mendoza it might be certbot did an app update to itself and changed rsa to ecdsa, its hard to say! but in your instance the issue/fix is very simple, the...

@ronald-mendoza huh? im not too sure now as i really am confused? the only difference i see that stands out is `OCSP - URI:http://e6.o.lencr.org` but the `node-forge` package we use...

@thieneret this is also what's confusing me as we haven't changed anything ssl/tls wise? Only changed it made was to check if ur code-siging cert is different to the cert...

thanks for replying! i setup the stalebot the wrong way haha, it was meant to do oldest to newest, not newest to oldest! but its also good to see what...

@fanynek86 ah right yes i remember! U needed the vnc url! But the dompurify blocks this to only http/https! Well try sort next week as should be simple enough!

is this still needed at all? i can add in `{ALLOW_UNKNOWN_PROTOCOLS: true}` and this would allow ALL protocols, but this is oversally dangerous! so trying to think if we could...