[02:11] <jrwren> anyone have issues with python/requests... actually all of ubuntu... not supporting LetsEncrypt root certs?  python/requests/curl fails for me, but on my mac the same root cert works.
[02:11] <jrwren> I get * TLSv1.2 (OUT), TLS alert, handshake failure (552):
[02:11] <jrwren> * error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
[02:14] <cmaloney> Which version of python / requests?
[02:21] <jrwren> python 3.8, not sure about requests.
[02:21] <jrwren> but it seems to be system wide as curl is also effected.
[02:21] <jrwren> can anyone compare this file on tehir system?
[02:21] <jrwren> 2a02:840:1:1:1::1
[02:21] <jrwren>  200348 Jun  3 22:15 /etc/ssl/certs/ca-certificates.crt
[02:21] <jrwren> gah, I thought maybe it was ipv6, but no, evne on ipv4 same error.
[02:21] <jrwren> my only guess is ca-certifactes.crt is no good.
[02:25] <jrwren> ca-certificates is already the newest version (20190110ubuntu1.1).
[02:25] <jrwren> that does seem too old.
[02:26] <jrwren> hrm... or not... despite the version it is from June of 2020
[02:31] <cmaloney> Does it work on other sites?
[02:37] <jrwren> yes
[02:37] <jrwren> i'm thinking it is this, but the fix didn't work for me.
[02:37] <jrwren> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984
[02:41] <jrwren> yeah, adding --ciphers DEFAULT@SECLEVEL=1  to the curl command makes it pass, but I've no idea how to set default openssl client ciphers
[02:43] <jrwren> well, curl is excellent, so ciphers = in ~/.curlrc works great, but that doesn't fix requests.
[02:44] <jrwren> https://github.com/psf/requests/issues/4775
[02:48] <jrwren> https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level  WINS
[02:51] <jrwren> well that was really interesting
[11:56] <cmaloney> Wow, that's fun. :)
[12:10] <jrwren> it really was. I'm glad I solved it.