error in periodic output, fetching leap-seconds.list



Thanks: 7
Messages: 43

I've recently started getting an error in my periodic output email.
Certificate verification failed for /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
34374371912:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
fetch: Authentication error
I have ca_root_nss installed. I can reproduce the problem by doing service ntpd onefetch.
This is FreeBSD 11.2-RELEASE, my other vm's and physical servers which are the same version do not have the same problem, but this one was installed with 11.2-RELEASE while the others have all been upgraded from earlier versions.

It's not critical, I don't even have ntpd(8) enabled in rc.conf.

Any suggestions would be appreciated.


Son of Beastie

Thanks: 1,569
Messages: 3,411

I cannot reproduce any errors so this seems like a localized problem at first. However... What is the output of grep server /etc/ntp.conf?



Thanks: 7
Messages: 43

ok thanks, here's the output, only comments


# Default NTP servers for the FreeBSD operating system.
# Set the target and limit for adding servers configured via pool statements
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# servers are providing good consistant time.
# The following pool statement will give you a random set of NTP servers
# servers from the pool, according to the tos minclock/maxclock targets.
# users with a static IP and good upstream NTP servers to add a server
# If you want to pick yourself which country's public NTP server
# To configure a specific server, such as an organization-wide local
# server, add lines similar to the following. One or more specific
# servers can be configured in addition to, or instead of, any server
# the specific servers, then adds servers from the pool until the tos
#server iburst
# In this case, all remote NTP time servers also need to be explicitly
# this server.
# Please note that this example doesn't work for the servers in
# If a server loses sync with all upstream servers, NTP clients
# no longer follow that server. The local clock can be configured
# be configured on just one server on a network. For more details see


Well-Known Member

Thanks: 151
Messages: 291

the default /etc/ntp.conf does not use the server definition, that's going to be commented out. It uses the pool instead, the default being pool iburst