Server registration fails - Unsupported certificate #3105

New issue

Open

opened 2026-02-20 22:18:07 -05:00 by deekerman · 5 comments

deekerman commented 2026-02-20 22:18:07 -05:00

Owner

Copy link

Originally created by @edshot99 on GitHub (Feb 17, 2026).

Description

A certificate generated with acme-client works for everything but the Mumble registration server.

Steps to reproduce

1. Start server
2. Wait
3. Error occurs

Mumble version

1.4.0

Mumble component

Server

OS

OpenBSD

Reproducible?

Yes

Additional information

An acme-client certificate on another server still works fine.
Self-signed certificates also work fine.
Using default TLS ciphers didn't change anything.

Relevant log output

<X>2026-02-17 16:31:14.445 SSL: OpenSSL version is 'LibreSSL 4.2.0'
<W>2026-02-17 16:31:14.445 Initializing settings from /etc/murmur.ini (basepath /etc)
<W>2026-02-17 16:31:14.446 Binding to address 0.0.0.0
<C>2026-02-17 16:31:14.447 MetaParams: Adding 1 intermediate certificates from certificate file.
<W>2026-02-17 16:31:14.974 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA"
<W>2026-02-17 16:31:16.527 Murmur 1.4.0 running on OpenBSD: OpenBSD 7.8 [x64]: Booting servers
<W>2026-02-17 16:31:34.395 1 => Server listening on 0.0.0.0:64738
<W>2026-02-17 16:34:52.457 1 => Registration failed: Error while reading: error:1404C413:SSL routines:ST_OK:sslv3 alert unsupported certificate

Screenshots

No response

Originally created by @edshot99 on GitHub (Feb 17, 2026). ### Description A certificate generated with acme-client works for everything but the Mumble registration server. ### Steps to reproduce 1. Start server 2. Wait 3. Error occurs ### Mumble version 1.4.0 ### Mumble component Server ### OS OpenBSD ### Reproducible? Yes ### Additional information An acme-client certificate on another server still works fine. Self-signed certificates also work fine. Using default TLS ciphers didn't change anything. ### Relevant log output ```shell <X>2026-02-17 16:31:14.445 SSL: OpenSSL version is 'LibreSSL 4.2.0' <W>2026-02-17 16:31:14.445 Initializing settings from /etc/murmur.ini (basepath /etc) <W>2026-02-17 16:31:14.446 Binding to address 0.0.0.0 <C>2026-02-17 16:31:14.447 MetaParams: Adding 1 intermediate certificates from certificate file. <W>2026-02-17 16:31:14.974 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA" <W>2026-02-17 16:31:16.527 Murmur 1.4.0 running on OpenBSD: OpenBSD 7.8 [x64]: Booting servers <W>2026-02-17 16:31:34.395 1 => Server listening on 0.0.0.0:64738 <W>2026-02-17 16:34:52.457 1 => Registration failed: Error while reading: error:1404C413:SSL routines:ST_OK:sslv3 alert unsupported certificate ``` ### Screenshots _No response_

deekerman added the

support

label 2026-02-20 22:18:07 -05:00

deekerman commented 2026-02-20 22:18:07 -05:00

Author

Owner

Copy link

@Krzmbrzl commented on GitHub (Feb 18, 2026):

Is this a Let's Encrypt certificate?

@Krzmbrzl commented on GitHub (Feb 18, 2026): Is this a Let's Encrypt certificate?

deekerman commented 2026-02-20 22:18:07 -05:00

Author

Owner

Copy link

@edshot99 commented on GitHub (Feb 18, 2026):

Yes

@edshot99 commented on GitHub (Feb 18, 2026): Yes

deekerman commented 2026-02-20 22:18:07 -05:00

Author

Owner

Copy link

@Krzmbrzl commented on GitHub (Feb 19, 2026):

@davidebeatrici do you have any idea?

@Krzmbrzl commented on GitHub (Feb 19, 2026): @davidebeatrici do you have any idea?

deekerman commented 2026-02-20 22:18:07 -05:00

Author

Owner

Copy link

@davidebeatrici commented on GitHub (Feb 19, 2026):

How did you generate the certificate? Could you provide it here (only the public PEM, not the private key)?

@davidebeatrici commented on GitHub (Feb 19, 2026): How did you generate the certificate? Could you provide it here (only the public PEM, not the private key)?

deekerman commented 2026-02-20 22:18:07 -05:00

Author

Owner

Copy link

@edshot99 commented on GitHub (Feb 19, 2026):

How did you generate the certificate?

acme-client with default non-staging Lets Encrypt server

Could you provide it here (only the public PEM, not the private key)?

Working

groovyexpress.com.fullchain.pem.txt

Not working

us1.groovyexpress.com.fullchain.pem.txt

@edshot99 commented on GitHub (Feb 19, 2026): > How did you generate the certificate? [acme-client](https://man.openbsd.org/acme-client.1) with default non-staging Lets Encrypt server > Could you provide it here (only the public PEM, not the private key)? Working [groovyexpress.com.fullchain.pem.txt](https://github.com/user-attachments/files/25428476/groovyexpress.com.fullchain.pem.txt) Not working [us1.groovyexpress.com.fullchain.pem.txt](https://github.com/user-attachments/files/25428479/us1.groovyexpress.com.fullchain.pem.txt)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

weblate-translation-update

1.6.x

1.5.x

backport/1.5.x/pr-7080

backport/1.5.x/pr-6875

backport/1.5.x/pr-6879

backport/1.5.x/pr-6859

test-ci-win-fail

backport/1.5.x/pr-6789

backport/1.5.x/pr-6841

backport/1.5.x/pr-6832

backport/1.5.x/pr-6825

backport/1.5.x/pr-6809

backport/1.5.x/pr-6790

backport/1.5.x/pr-6777

backport/1.5.x/pr-6747

backport/1.5.x/pr-6775

backport/1.5.x/pr-6748

backport/1.5.x/pr-6769

backport/1.5.x/pr-6750

backport/1.5.x/pr-6744

backport/1.5.x/pr-6742

backport/1.5.x/pr-6728

backport/1.5.x/pr-6723

backport/1.5.x/pr-6700

backport/1.5.x/pr-6702

backport/1.5.x/pr-6703

backport/1.5.x/pr-6694

appveyor-fxc-dll-symbol-workaround

1.4.x

v1.6.870

v1.5.857

v1.5.735

v1.5.634

v1.5.629

v1.5.613

v1.5.517

v1.4.287

v1.4.274

v1.4.230

1.4.0-release-candidate-01

1.4.0-development-snapshot-006

1.4.0-development-snapshot-005

1.4.0-development-snapshot-004

1.4.0-development-snapshot-003

1.4.0-development-snapshot-002

1.3.4

1.4.0-development-snapshot-001

1.3.3

1.3.2

1.3.1

1.3.1-rc1

1.3.0

1.3.0-rc2

1.3.0-rc1

1.2.20

1.2.19

1.2.18

1.2.17

1.2.16

1.2.15

1.2.14

1.2.13

1.2.12

1.2.11

1.2.10

1.2.9

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.4-rc1

1.2.4-beta1

1.2.3

1.2.3-rc3

1.2.3-rc2

1.2.3-rc1

1.2.2

1.2.1

1.2.0

1.2.0beta2

1.2.0beta1

1.1.8

Labels

Clear labels   

GlobalShortcuts

  

Hacktoberfest

  

accessibility

  

acl

  

asio

  

audio

  

bonjour

  

bsd

  

bug

  

build

  

certificate

  

ci

  

client

  

code

  

documentation

  

external-bug

  

feature-request

  

gRPC

  

github

  

good first issue

  

help wanted

  

help-needed

  

ice

  

installer

  

linux

  

macOS

  

needs-ckeck-with-latest-version

  

needs-more-input

  

overlay

  

positional audio

  

priority/P0 - Blocker

  

priority/P1 - Critical

  

priority/P2 - Important

  

priority/P3 - Somewhat important

  

priority/P4 - Low

  

public-server-registration

  

qt

  

recording

  

release-management

  

server

  

stale-no-response

  

stale-support

  

support

  

task

  

test

  

theme

  

translation

  

triage

  

ui

  

windows

  

wontfix

  

x64

No labels

GlobalShortcuts

Hacktoberfest

accessibility

acl

asio

audio

bonjour

bsd

bug

build

certificate

ci

client

code

documentation

external-bug

feature-request

gRPC

github

good first issue

help wanted

help-needed

ice

installer

linux

macOS

needs-ckeck-with-latest-version

needs-more-input

overlay

positional audio

priority/P0 - Blocker

priority/P1 - Critical

priority/P2 - Important

priority/P3 - Somewhat important

priority/P4 - Low

public-server-registration

qt

recording

release-management

server

stale-no-response

stale-support

support

task

test

theme

translation

triage

ui

windows

wontfix

x64

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mumble-mumble-voip#3105

No description provided.