gluetun: OpenSSL error connecting to VPN Unlimited: self-signed certificate in certificate chain

Is this urgent?

Yes: unable to use gluetun

Host OS

Debian Bookworm

CPU arch

x86_64

VPN service provider

VPNUnlimited

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2023-12-14T16:10:26.989Z (commit f0f9bdb)

What’s the problem 🤔

Unable to connect to VPN due to self signed certificate. It was working 2 days ago. I stopped the container and pulled latest version, but same error.

Share your logs (at least 10 lines)

2023-12-15T10:12:09+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-12-15T10:12:09+01:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2023-12-15T10:12:09+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]<redacted>
2023-12-15T10:12:09+01:00 INFO [openvpn] UDP link local: (not bound)
2023-12-15T10:12:09+01:00 INFO [openvpn] UDP link remote: [AF_INET]151.80.27.199:1194
2023-12-15T10:12:09+01:00 INFO [openvpn] VERIFY ERROR: depth=2, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=KeepSolid Inc., OU=KeepSolid Root CA, CN=KeepSolid Root CA, emailAddress=admin@keepsolid.com, serial=429164281094478856831696042475561970021707008630
2023-12-15T10:12:09+01:00 INFO [openvpn] OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS_ERROR: BIO read tls_read_plaintext error
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS Error: TLS object -> incoming plaintext read error
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS Error: TLS handshake failed
2023-12-15T10:12:09+01:00 INFO [openvpn] SIGTERM received, sending exit notification to peer
2023-12-15T10:12:09+01:00 INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting

Share your configuration

      - VPN_SERVICE_PROVIDER=vpn unlimited
      - SERVER_COUNTRIES=Netherlands,Germany,Finland,Belgium,Denmark,France
      - OPENVPN_USER=<redacted>
      - OPENVPN_PASSWORD=<redacted>

About this issue

  • State: closed
  • Created 7 months ago
  • Comments: 42 (10 by maintainers)
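
Added example (not part of the issue thread or of gluetun's code): a small triage helper for the `VERIFY ERROR` line in the log above. With `depth=2` and "self-signed certificate in certificate chain", OpenSSL built the server's chain up to a root that is not in the client's CA bundle, so the fix is a refreshed CA on the client rather than relaxed verification. The function names and hint texts are assumptions made for this illustration.

```python
import re

# Constructed sample: two lines copied from the log in the report above.
SAMPLE_LOG = """\
2023-12-15T10:12:09+01:00 INFO [openvpn] VERIFY ERROR: depth=2, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=KeepSolid Inc., OU=KeepSolid Root CA, CN=KeepSolid Root CA, emailAddress=admin@keepsolid.com, serial=429164281094478856831696042475561970021707008630
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>.+?): (?P<subject>\w+=.*)$")

# Hints keyed by OpenSSL verify message (hyphens dropped so 1.1.x and 3.x wording both match).
HINTS = {
    "self signed certificate in certificate chain":
        "chain ends in a root that is not in the client's CA bundle; refresh the CA from the provider",
    "self signed certificate":
        "peer certificate is itself self-signed and not trusted by the client",
    "unable to get local issuer certificate":
        "issuer of this certificate is missing from the client's CA bundle",
    "certificate has expired":
        "certificate at this depth is past notAfter; check the host clock, then the provider",
}

def parse_subject(subject):
    """Split 'K=V, K=V' only on commas that precede a new key, so values may contain ', '."""
    parts = re.split(r", (?=\w+=)", subject.strip())
    return dict(p.split("=", 1) for p in parts)

def triage(log_text):
    """Return one finding per VERIFY ERROR line in an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        fields = parse_subject(m["subject"])
        serial = fields.pop("serial", None)
        hexs = format(int(serial), "X") if serial and serial.isdigit() else None
        findings.append({
            "depth": int(m["depth"]),
            "error": m["error"],
            "subject": fields,
            # OpenVPN logs the serial in decimal; `openssl x509 -noout -serial` prints hex.
            "serial_hex": hexs and hexs.zfill(len(hexs) + len(hexs) % 2),
            "hint": HINTS.get(m["error"].replace("-", " "), "unrecognised verify error"),
        })
    return findings
```

The `serial_hex` value can be compared with the serial of the CA certificate the client is configured with, to confirm whether the root the server presents is the one the client trusts.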

Most upvoted comments

Hello sorry for the delay, but also not sorry, VPN unlimited is a silly provider for not alerting its users of such a big change ugh.

CA certificate is updated with daa63c276d587c440526fdc0803667a90c4d2c9e (latest image only for now), let me know if it works and we can then close the issue. Thanks!

A workaround for now is as follows.

  1. Download the .ovpn file and place in gluetun folder.
  2. Remove the cert files in the folder, so you only have a servers file and the .ovpn file.
  3. Open the .ovpn file and at the bottom change remote [whatever server you were using].vpnunlimited.com to remote [open the servers file in gluetun folder and search for the hostname that you were using and pick one ip and paste it here e.g. remote xxx.xxx.xxx.xxx] and save.
  4. In your docker-compose change VPN_SERVICE_PROVIDER=vpnunlimited to VPN_SERVICE_PROVIDER=custom
  5. Add OPENVPN_CUSTOM_CONFIG=/[FILENAME].ovpn
  6. Run docker compose up -d

My docker-compose

  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./gluetun:/gluetun
    environment:
      - VPN_TYPE=openvpn
      - VPN_SERVICE_PROVIDER=custom
      - OPENVPN_CUSTOM_CONFIG=/gluetun/[filename].ovpn
      - OPENVPN_VERSION=2.6
      - OPENVPN_ROOT=yes
      - OPENVPN_USER=XXXXXXXXXXXXXXXX
      - OPENVPN_PASSWORD=XXXXXXXXXXXXXXXX
      - UPDATER_PERIOD=24h
    restart: unless-stopped

I had to try other IPs from the list, as some did not work for me.

I have the same issue. I tried pulling latest, adding new certificates etc, but no joy. It has been working fine for a long while.

Thanks @AkkelDeFakkel, a night of trying to use the VPN Unlimited provider led to your custom setup with an ovpn file being the best solution. The IP I used was the one that was resolved from a ping. This same IP was in the list of those returned by nslookup.

Got it working using your workaround. I was slightly confused by something I had configured. Thanks for the tip in the first place, still hope that gets sorted out soon…