Certificate Error during enrol process

Trying to use enclave on a Linux system, and see the following error upon enrollment attempt. It appears to be a remote certificate error, but I wanted to check to see if perhaps something on my end is causing the issue?

[ls-demo  3:19 pm] ~ # enclave enrol

Generating new private key              ... OK (256 bit)
Signing authority                       ... OK (cn=Enclave Networks Primary Intermediate G1)
Requesting certificate from issuer      ... Failed. (endpoint=https://api.enclave.io/authority/enrol)

The remote certificate is invalid because of errors in the certificate chain: NotTimeValid


This may be a local problem validating our API server’s LetsEncrypt-issued certificate. Can I ask you to check that:

  • The local system clock is correct
  • You have the latest ca-certificates installed (on a debian installation, run sudo apt update ca-certificates)

An existing LetsEncrypt root certificate did expire a little while ago, so it’s possible that is related.



This pointed me in the right direction, thanks! I’m running a really old version of Debian (jessie), and even though I was updating CA certs, apparently it was checking an expired cert first, and not seeing the proper root cert for connection. Once I removed that expired cert it was able to enroll.

In case anyone else runs into this super-specific use case, here’s some more detail: Client on Debian 9 erroneously reports expired certificate for letsencrypt-issued domain - Server Fault

1 Like

Thanks for the interesting extra context on this issue! Glad you managed to get things working.