TLS certificate question about Unbound 1.9.2

rollingonchrome rollingonchrome at
Thu Apr 4 17:35:34 UTC 2019

Hi Wouter,

Thank you for taking a look at my config file.

Sorry for any confusion. I am running Unbound 1.9.1. That should support
the tls-cert-bundle option, correct?

I had initially tried my config file with 1.9.2, but at Yuri's suggestion,
I downgraded to the latest stable version, 1.9.1.

The tls-cert-bundle option did not work with either 1.9.2 or 1.9.1.

I am running Unbound compiled from source on a Raspberry Pi (Raspbian

I now think the problem may be in the OpenSSL version on Raspbian, which
only supports TLS 1.2.

Thank you for your help.



*Wouter Wijngaards* wouter at
*Thu Apr 4 09:04:46 CEST 2019*


So this config file is fine, the tls-cert-bundle should work find with a
version of unbound that supports the options (eg. 1.9.2).  Like, for me,
it works.  I guess you downgraded and are now using an older version
that does not support the tls-cert-bundle option, so the unknown keyword
error is accurate?

Best regards, Wouter

On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote:
>* Hello,
*> >* Thank you for the replies. I believe I have the tls-cert-bundle
*>* information correctly indented now. But, I am still getting the same
*>* errors as before about unknown keywords and strays.
*> >* It is indented like this:
*> >* server:
*>      >*       [a few lines omitted]
*>      >*      #Added for DoT
*>*      tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
*> >* Here is a link to my actual conf file if anyone would be willing to take
*>* a look:
*> >* I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so
*>* I'm wondering if that might be this issue. Not sure what version of TLS
*>* Unbound 1.9.1 uses (I downgraded).
*> >* Thank you for your help.
*> >* Best,
*> >* RoC*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list