Hello list,
Not sure this is the right place to post, maybe I'd better mail the maintainer of the package, but you might have encountered the same issue.
I've always published TLSA records for my domains/subdomains, and I use an automated (Cron) job to do this, invoking the tlsa script (provided by the hash-slinger package on my Fedora machines).
For a few weeks now, the tlsa script has been failing, complaining with the following error message:
    Could not verify local certificate: no start line.
    Traceback (most recent call last):
      File "/usr/bin/tlsa", line 889, in <module>
        genRecords(args.host, args.protocol, args.port, chain, args.output, args.usage, args.selector, args.mtype)
    NameError: name 'chain' is not defined
I'm using LetsEncrypt for my certificates, and I can't see what changed recently. I'm running the tlsa script against a concatenated (intermediate + domain certificate) PEM file, and it has always worked just fine.
During my investigations, I found that an "openssl verify" will fail on the file, saying "unable to get local issuer certificate". I have no way to tell if this has always failed, or if this is new behavior.
I'd be glad to hear if you have any thoughts about my issue.
Thanks!
Hoggins!
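
Added example, not part of the original post and not code from hash-slinger: a pre-flight check that a cron job could run on a concatenated PEM file before publishing TLSA records. It confirms that every block has a BEGIN CERTIFICATE start line and a decodable body, then prints the selector 0 / matching type 1 (full certificate, SHA-256) association data per block. The function names and the sample bundle are assumptions made for illustration, and the check does not identify the cause of the failure reported above.

```python
import base64
import hashlib
import re

# One PEM certificate block; the BEGIN line is what OpenSSL calls the "start line".
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_bundle(pem_text):
    """Return the DER bytes of each certificate block in a concatenated PEM file."""
    bodies = PEM_BLOCK.findall(pem_text)
    if not bodies:
        raise ValueError("no start line: no BEGIN CERTIFICATE block found")
    ders = []
    for index, body in enumerate(bodies):
        try:
            # validate=True rejects stray characters, e.g. a BEGIN line that was
            # swallowed into the body because the previous END line is missing.
            ders.append(base64.b64decode("".join(body.split()), validate=True))
        except ValueError as exc:
            raise ValueError(f"block {index}: body is not valid base64") from exc
    return ders


def tlsa_rdata(der, usage=3):
    """TLSA RDATA for selector 0 (full certificate), matching type 1 (SHA-256)."""
    return f"{usage} 0 1 {hashlib.sha256(der).hexdigest()}"


def make_pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed sample)."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample: placeholder blobs standing in for real DER certificates,
# in the order described in the post (intermediate, then domain certificate).
SAMPLE_BUNDLE = make_pem(b"constructed-intermediate") + make_pem(b"constructed-leaf")

if __name__ == "__main__":
    for position, der in enumerate(split_bundle(SAMPLE_BUNDLE)):
        print(position, tlsa_rdata(der))
```

Selector 1 (public key only) is left out because it needs an X.509 parser, which the Python standard library does not provide.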