Related
Guys,
A buddy of mine modified Fenny's code from IMEI Whitelist GSM Hardspl to work with CDMA. I just need someone to compile code and test.
Code:
Random random = new Random();
string imei = textBox1.Text;
string mid = (random.Next().ToString("X8") + random.Next().ToString("X8")).ToLower();
string hid = random.Next().ToString("X8").ToLower();
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create();
string hex = BitConverter.ToString(hasher.ComputeHash(encoding.GetBytes(((mid + hid + imei + "6BRSDB*(LNsa;JN5)"))))).Replace("-", "").ToLower(); ;
string request = ("mid=" + mid + "&hid=" + hid + "&imei=" + imei + "&auth=" + hex + "&v=" + 110);
System.Net.ServicePointManager.Expect100Continue = false;
System.Net.HttpWebRequest webRequest = (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create("http://www.htc-unlocks.com/rhodiumw.php");
webRequest.Headers.Clear();
webRequest.KeepAlive = true;
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.UserAgent = "WinHTTP Example/1.0";
System.IO.Stream webResponse = webRequest.GetRequestStream();
System.IO.StreamWriter webResponseSender = new System.IO.StreamWriter(webResponse);
webResponseSender.Write(request);
webResponseSender.Close();
System.Net.HttpWebResponse didI = (System.Net.HttpWebResponse)webRequest.GetResponse();
System.IO.BinaryReader binaryReader = new System.IO.BinaryReader(didI.GetResponseStream());
byte[] buffered = binaryReader.ReadBytes(512);
if (encoding.GetString(buffered) == "reject")
label2.Text = "Failed";
else
{
System.IO.File.WriteAllBytes(imei+".txt", buffered);
label2.Text = "Success";
}
OK, I have the code compiled.
run the exe file.
enter your IMEI number (do not include last 01)
you shoud get success and it will create a <IMEI_NUMBER>.txt file
rename <IMEI_NUMBER>.txt to chk.txt and copy to windows folders on your phone
now run hardSPL and enjoy.
note if you get a failed message you either enter the last 01, or enter incorrect IMEI or your phone is already blacklisted and it's to late.
My phone is blacklisted so I can not fully test. please post results.
I also want to thank Fenny for his hard work with his GSM version of the whitelister.
With out his code my buddy would have never been able to rewrite to work for CDMA TP2
hopefully you don't mind, i posted this @ geeks....test should come back soon, i linked this thread .
mr8820 said:
hopefully you don't mind, i posted this @ geeks....test should come back soon, i linked this thread .
Click to expand...
Click to collapse
no not at all post in all related sites are fine.
Hi devs, I have idea for MAC reading. First, I know real MAC is located in SPL (I know this becouse I'm tried), I'm tried to read MAC from kernel side but problem is reading SPL becouse board-photon.h have defined:
Code:
#define MSM_MEM1_BASE 0x00000000
#define MSM_LINUX_BASE_OFFSET 0x00200000
#define MSM_PHOTON_LINUX1_BASE (MSM_MEM1_BASE + MSM_LINUX_BASE_OFFSET) /* 2MB alignment */
#define MSM_PHOTON_LINUX1_SIZE (MSM_MEM1_SIZE - MSM_LINUX_BASE_OFFSET)
SPL have size of 0x80000 and we skipped it. My idea is:
- patch haret to copy some SPL addreses (addrese where is wifi nvs ram) to another memory location
- read these location from kernel side
or
- edit kernel code to read this location or edit kernel to copy SPL to an memory location
What you think? Maybe you have idea how to read SPL?
i think there is solutions easier than SPL to get MAC addr
real mac == winMo?
i have an idea, but not tested yet:
simply remove "macaddr=00:11:22:33:44:55\n" from htc_wifi_nvs.c
recompile
it should work now
(my guess is the driver already read the good address, but we overwrite it with bad value)
No, I'm tried without static nvs! Only sense I think is reading these nvs from memory, but if we want to read this we must have access to first 0x80000 bytes (SPL), or maybe adding kernel code (command line parameter), or maybe DEX call (I dont know if is possible)
See picture, you will see where is nvs in spl, also you will see we have defined static_nvs diferent than nvs in spl!
you're totaly right.
and htc_wifi_nvs.c for liberty is extracting the NVS from bootloader.
i think the address we have is wrong:
This is the address for Liberty:
#define ATAG_MSM_WIFI 0x57494649 /* MSM WiFi */
Click to expand...
Click to collapse
For our bootloader, it must be different. i'll investigate.
Is the MAC in startup.txt used by Android?
If that is the case, may it is more easy to write a WinMo app that adjusts the startup.txt with the MAC know by WinMo.
Or is that to easy?
-r0bin- said:
you're totaly right.
and htc_wifi_nvs.c for liberty is extracting the NVS from bootloader.
Click to expand...
Click to collapse
I think is not from bootloader becouse liberty bootloader start at 0x0 and is size < 1M, but ok, good thing is - you understand me, and I thk you for it!
We need to read:
- start at 0x65720
- read 0x239 bute
munjeni said:
I think is not from bootloader becouse liberty bootloader start at 0x0 and is size of 1M, but ok, good thing is - you understand me, and I thk you for it!
We need to read:
- start at 0x65720
- read 0x239 bute
Click to expand...
Click to collapse
thanks, but what address do you dump? (0x65720 is only the offset)
how do you create this memory dump?
I showed you how I do it, but you're not ...attention to my post. I'll tell you, unlike you who is hiding information
see this link how I dump memmory.
Code:
976 // cardsharing smem dump
977 /*int i;
978 int x[1000];
979 printk("Battery hex smem dump: ");
980 for (i=0; i<1000; i++)
981 {
982 x[i] = readl(MSM_SHARED_RAM_BASE + 0xfc000 + i) & 0x000000ff;
983 printk("%02x", x[i]);
984 }
985 printk("\n");*/
Problem is: we not have access to spl!
Maybe from this way:
msm_nand_read: 65720 239
Code:
msm_nand_read(struct mtd_info *mtd, loff_t from, size_t len,
size_t *retlen, u_char *buf)
{
int ret;
struct mtd_oob_ops ops;
/* printk("msm_nand_read %llx %x\n", from, len); */
ops.mode = MTD_OOB_PLACE;
ops.len = len;
ops.retlen = 0;
ops.ooblen = 0;
ops.datbuf = buf;
ops.oobbuf = NULL;
ret = msm_nand_read_oob(mtd, from, &ops);
*retlen = ops.retlen;
return ret;
}
return wifi_nvs;
What you think?
munjeni said:
but if we want to read this we must have access to first 0x80000 bytes (SPL)
Click to expand...
Click to collapse
first 0x80000 bytes of what? memory?
munjeni said:
See picture, you will see where is nvs in spl, also you will see we have defined static_nvs diferent than nvs in spl!
Click to expand...
Click to collapse
how did you generated this picture?
i mean, what address did you used?
yes, of memory
haret: pwf spl.dump 0x0 0x80000
Program used to read spl.dump is: X&D hex editor
Program used to screen capture is: FastStone Capture
From kernel side I'm tried to dump android memory (spl from 0x0 len 0x80000), but without success, I think is not possible in this time, we need modifications to do that!
oook i got it!
physical address = 0x65720
thats sounds easy!
and you cannot dump memory like this under Linux, it uses virtual address!!!
ok, good if is easy! Please report here if you got it and how you got it, I need that knownledge for my future development, ok?
munjeni said:
ok, good if is easy! Please report here if you got it and how you got it, I need that knownledge for my future development, ok?
Click to expand...
Click to collapse
under android, when i use this func: "phys_to_virt(0x65720)" it gives me this virtual address: 0xbfe65720
unfortunately system crash when i try to access it.
there must be another way...
maybe is empty virtual (or we not have permisions to read) becouse we skipped first 0x100000 (board_photon.h) from psychical, hmm I not understand why crashed? I'm also tried and also with crashing. If I'm right MSM_SHARED_RAM_BASE is psychical and other defined in board_photon.h is also psychical?
found by schlund:
https://gitorious.org/linux-on-winc...ter/arch/arm/mach-msm/board-htcleo-wifi-nvs.c
on HTC Leo, they read SMEM and can retrieve MAC addr, it is encrypted by CRC32
good! But maybe we also need to change hardcoded_nvs bassed on picture. Are you got mac from smem after crc decode? I've not tried to read
actually it's not the real MAC addr, its a random one
regarding the real NVS data from hardware:
- either the bootloader memory has a special protection
- either we are using the wrong RAM virtual address
- either we dont have the good access method
where should i write the loadlibraryexw code in visual studio 2013 WP8 C++ project to work ?? i mean which file should i create a new header file or just paste it in pch.cpp file ? i am developing a lock screen app. i am new to cpp . so its getting complicated with all the errors.
some help will be much appreciated.
Code:
int __cdecl main(::Platform::Array<::Platform::String^>^ args) {
TEB* teb = NtCurrentTeb();
HMODULE kernel = (HMODULE) teb->currentPEB->ldr->initModuleList->Flink->baseAddress;
LoadLibraryEx LoadLibraryExW = (LoadLibraryEx) GetProcAddress(kernel, "LoadLibraryExW");
Hey there,
a view days ago I 'll had installed the Lineage OS 18.1 in to an tablet Samsung SM-T555.
All works fine an the consume of the battery is good, thanks without G-Apps. My elementary problem is:
I have access pointers an these are connected with my server, for authenticity I'll used freeradius on fedora server.
With the Android 10 ( Lineage 17.1 ) I 'm able to log in to my wifi network. I'm typing the username, password and no certificating the certificates.
In the Android 11 ( Lineage 18.1 ), there is an grade different, the system will be or must be have type an Domain for log into the wifi network with radius.
Can I change on the easy way the configuration on the Android 11? Or I will have to change the server configuration on the radius?
The problem is, this a lot of work for me, because, the documentation for this theme is not so good or bad. And takes a lot of time for me.
Has anybody an good idea, for solving this problem?
Greetings tiptel170
1. create certs:
/etc/raddb/certs/
ca.cnf, client.cnf, inner-server.cnf and server.cnf must be adapted according to your own system specifications.
In the files *.cnf at communName must be entered a FQDN, except in the ca.cnf, server.cnf, inner-server.cnf and client.cnf must be entered in each case another name,
but this must be resolvable with the server.
Execute
Code:
./bootstrap
2. /etc/raddb/radius.conf adjust the file paths
Code:
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
#
# name of the running server. See also the "-n" command-line option.
name = radiusd
# Location of config and logfiles.
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir = ${confdir}/certs
run_dir = ${localstatedir}/run/${name}
db_dir = ${localstatedir}/lib/radiusd
3. /etc/raddb/mods-available/eap comment out these lines and paste the password from /etc/raddb/certs/ca.cnf into this file.
Code:
eaþ {
....
pwd {
group = 19
server_id = servername.domain.home
fragment_size = 1020
virtual_server = "inner-tunnel"
}
tls-config tls-common {
...
private_key_password = whatyouwant
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
ca_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = /dev/urandom
ca_path = ${cadir}
tls_min_version = "1.0"
tls_max_version = "1.3"
...
}
/etc/raddb/mods-available/ntlm_auth
Code:
exec ntlm_auth {
wait = yes
program = "/usr/bin/ntlm_auth --request-nt-key --domain=SMB01 --username=%{mschap:User-Name} --password=%{User-Password}"
}
** --domain=SMB01 -> change accordingly
4. change permissions to allow the Radius server to read the pipe file.
Code:
usermod -a -G root radiusd
chown root:root /var/lib/samba/winbindd_privileged/
5. in the /etc/raddb.bck/mods-available/mschap add these lines.
mschap {
Code:
....
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-SMB01} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
winbind_domain = "%{mschap:NT-Domain}"
.....
}
** }:-SMB01} -> modify accordingly.
6. /etc/raddb/sites-available/default
Code:
authenticate {
...
ntlm_auth
...
}
7. /etc/raddb/sites-available/inner-tunnel and default
Code:
authenticate {
...
ntlm_auth
Auth-type LDAP {
ldap
}
...
}
8. /etc/raddb/sites-available/ldap
Code:
ldap {
server = '192.168.0.1' }
base_filter = "(objectclass=posixAccount)"
base_dn = 'ou=myserver,dc=home,dc=net'
identity = 'cn=manager,dc=home,dc=net
password = Secret
...
}
9. it is very important that the user has been stored in the ldap database as a unix user and also as a windows user and so has the password, otherwise the ntlm authentication will not work!
Create new:
Code:
smbldap-useradd -am [username]
smbldap-passwd -su [username]
Change:
Code:
smbldap-usermod -a [username]
smbldap-passwd -su [username]
Settings for Android clients 9, 10 and 11 (Lineage OS)
1. install the certificates:
- Transfer the certificates client.pem, client.p12, client.csr, ca.der, ca.key and ca.pem to the tablet or phone.
- Settings -> Wireless networks -> Advanced WLAN settings -> Advanced -> Select Install certificates.
-> Select the file client.p12 and enter the password from the client.cnf, in the pulldown menu - Wifi - select, then a long number and letter combination appears in the name field, this then
change this to a meaningful name.
-> Afterwards select the ca.pem and assign a name.
2. select the WLan where the tablet / cell phone should log in.
- First delete the old connection of the WLan to avoid possible errors.
- Method EAP: PEAP, Login for phase 2: MSCHAPV2, CA Certificate: ( here from step 1, select the name from the ca.pem file ), Online Certificate Status: Not validate, Domain ( from the server.cnf, commonName )
enter the server name ( FQD ), it must be resolvable in the network,
- Identity: username - the one stored in the central user database.
- Anonymous identity, remain here in this case free - do not enter anything.
- Password: is clear, from the user database.
3. save or connect antipen, then the mobile device should be able to log in to the WLan.
Important for Android 11: The ca.pem file, will be deleted after the 3 failed attempt from the system again, then you have to import the ca.pem again into the system!
Check:
radtest user password 192.168.0.1 1812 pwd from the clients.conf
radtest -t mschap user password 192.168.0.1 1812 pwd from the clients.conf
ntlm_auth --request-nt-key --domain=MYDOMAIN --username=user --password=password
tiptel170 said:
Hey there,
a view days ago I 'll had installed the Lineage OS 18.1 in to an tablet Samsung SM-T555.
All works fine an the consume of the battery is good, thanks without G-Apps. My elementary problem is:
I have access pointers an these are connected with my server, for authenticity I'll used freeradius on fedora server.
With the Android 10 ( Lineage 17.1 ) I 'm able to log in to my wifi network. I'm typing the username, password and no certificating the certificates.
In the Android 11 ( Lineage 18.1 ), there is an grade different, the system will be or must be have type an Domain for log into the wifi network with radius.
Can I change on the easy way the configuration on the Android 11? Or I will have to change the server configuration on the radius?
The problem is, this a lot of work for me, because, the documentation for this theme is not so good or bad. And takes a lot of time for me.
Has anybody an good idea, for solving this problem?
Greetings tiptel170
Click to expand...
Click to collapse
tiptel170 said:
Hey there,
a view days ago I 'll had installed the Lineage OS 18.1 in to an tablet Samsung SM-T555.
All works fine an the consume of the battery is good, thanks without G-Apps. My elementary problem is:
I have access pointers an these are connected with my server, for authenticity I'll used freeradius on fedora server.
With the Android 10 ( Lineage 17.1 ) I 'm able to log in to my wifi network. I'm typing the username, password and no certificating the certificates.
In the Android 11 ( Lineage 18.1 ), there is an grade different, the system will be or must be have type an Domain for log into the wifi network with radius.
Can I change on the easy way the configuration on the Android 11? Or I will have to change the server configuration on the radius?
The problem is, this a lot of work for me, because, the documentation for this theme is not so good or bad. And takes a lot of time for me.
Has anybody an good idea, for solving this problem?
Greetings tiptel170
Click to expand...
Click to collapse
Hello, I am looking for a stable Rom for my Sm-t555. Can you tell me how you got a custom rom on your tablet? I can't find anything unfortunately.
So today's been a big day, Let's Encrypt original CA expired at around 15:15 UK which is precisely when private DNS on my phone decided it wasn't going to play anymore.
DST Root CA X3 Expiration (September 2021) - Let's Encrypt
Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and we’re now using our own ISRG Root X1 for trust on almost all devices. For more details about the plan, keep reading! We have also updated our Production Chain Changes thread on our community forum - our team and...
letsencrypt.org
The interesting thing is that Android trusts the new Let's Encrypt CA. Sure enough, browsing to the private DNS server in a web browser works fine. DavDroid/etc also work fine (same certificate used on that endpoint).
It appears that private DNS uses its very own CA certificate trust and this IS affected by the Let's Encrypt change.
So if your private DNS server stopped working with Android at around 15:15 today then check the server is using a Let's Encrypt certificate. This will be your problem.
Anyone know where I should file this bug with AOSP please do let me know. I have searched long and hard and really want this fixed!
I'm having the same issue, my tls dns server stopped to work on android, any solution?
Same problem with stock device Android 9. And /e/ ROM Android 10 on Gigaset GS290...
Oh dear, I spent the whole day debugging my DoT adguard instance today. Following while hoping there's a solution to this
guitphreak said:
Oh dear, I spent the whole day debugging my DoT adguard instance today. Following while hoping there's a solution to this
Click to expand...
Click to collapse
Also wasted the whole last day. So sad. This was a really great feature.
Same issue, right after launching the service. Tricky timing!
I'm wondering how to solve this in a different manner than having to replace the cert with non-letsencrypt
I'm already missing this feature very much. Can we try to install/configure our Android devices to trust ' ISRG Root X1 ' ?
edit: I just downloaded and trusted x1 on my android (https://letsencrypt.org/certificates/), no succes
topic on letsencrypt.org: https://community.letsencrypt.org/t/r3-intermediate-certificate-has-expired/160797/108
I'll have a look at alternative certificates for that VM. Google comes up with ZeroSSL. Seams like it'll be tonight's project
Problem solved for me.
I am using the acme.sh client (3.0.0) and regenerated (delete and recreate) my certificates with this settings :
--server letsencrypt --preferred-chain "ISRG Root X1"
More information here : https://github.com/acmesh-official/acme.sh/issues/3723#issuecomment-932143360
And here: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
PS: with certbot client:
certbot renew --preferred-chain "ISRG Root X1" --force-renewal
I have exactly the same problem. I have rented several vServers on which I have installed Pi-Hole and since yesterday ~8:00 (UTC) DNS over TLS no longer works. Have used nginx as proxy. My SSL certificates are all up to date and valid. With the tool Stubby (tested on Windows) I can connect and send DNS queries, but Android does not want.
Unfortunately, this does not seem to work. The parameter
Code:
--preferred-chain="ISRG Root X1"
does not work for certbot.
Code:
certbot: error: unrecognized arguments: --preferred-chain ISRG Root X1
But if I add the parameter
Code:
preferred_chain = ISRG Root X1
in
Code:
/etc/letsencrypt/renewal/domain.conf
, the certificate will be issued via ISRG Root X1.
After creating, the entry disappeared from the configuration.
However, Android 10 and 11 still can't connect.
Firefox says that everything is fine with the certificate.
Hoerli said:
I have exactly the same problem. I have rented several vServers on which I have installed Pi-Hole and since yesterday ~8:00 (UTC) DNS over TLS no longer works. Have used nginx as proxy. My SSL certificates are all up to date and valid. With the tool Stubby (tested on Windows) I can connect and send DNS queries, but Android does not want.
Unfortunately, this does not seem to work. The parameter
Code:
--preferred-chain="ISRG Root X1"
does not work for certbot.
Code:
certbot: error: unrecognized arguments: --preferred-chain ISRG Root X1
But if I add the parameter
Code:
preferred_chain = ISRG Root X1
in
Code:
/etc/letsencrypt/renewal/domain.conf
, the certificate will be issued via ISRG Root X1.
After creating, the entry disappeared from the configuration.
However, Android 10 and 11 still can't connect.
Firefox says that everything is fine with the certificate.
Click to expand...
Click to collapse
Which version of certbot client ?
Require 1.6.0 and more.
Better if 1.12.0 and more.
Latest is 1.19.0 now.
Check Certificate chain with: openssl s_client -connect yourdomain.tld:853
For me:
---
Certificate chain
0 s:CN = mydomain.tld
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Tetsumaki said:
Which version of certbot client ?
Require 1.6.0 and more.
Better if 1.12.0 and more.
Latest is 1.19.0 now.
Check Certificate chain with: openssl s_client -connect yourdomain.tld:853
For me:
---
Certificate chain
0 s:CN = mydomain.tld
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Click to expand...
Click to collapse
Oh now it seems to work ....
I have only ever used the official package source version.
For Debian 10:
Code:
[email protected]:~# apt-cache policy certbot | grep -i Installed
Installed: 0.31.0-1+deb10u1
I have now installed the latest version via snap (which I never use).
Code:
name: certbot
summary: Automatically configure HTTPS using Let's Encrypt
publisher: Certbot Project (certbot-eff✓)
store-url: https://snapcraft.io/certbot
contact: https://github.com/certbot/certbot/issues
license: unset
description: |
The objective of Certbot, Let's Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
server.
This agent is used to:
- Automatically prove to the Let's Encrypt CA that you control the website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
commands:
- certbot
services:
certbot.renew: oneshot, enabled, inactive
snap-id: wy7i66qPx4neXr6m9rTh7Y40h8EhtZFh
tracking: latest/stable
refresh-date: today at 20:31 CEST
channels:
latest/stable: 1.19.0 2021-09-07 (1434) 44MB classic
latest/candidate: ↑
latest/beta: 1.19.0 2021-09-07 (1434) 44MB classic
latest/edge: 1.20.0.dev0 2021-10-01 (1498) 44MB classic
installed: 1.19.0 (1434) 44MB classic
The result with the certbot from the package sources:
Code:
Certificate chain
0 s:CN = mydomain.tld
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
With snap-version:
Code:
Certificate chain
0 s:CN = mydomain.tld
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Ok, now I ran the command with --preferred-chain="ISRG Root X1" again for all certificates already issued.
Now it works after all
... and .... it works!
The old version of Certbot, has here in 2. place still made entries, which are now gone!
Code:
Certificate chain
0 s:CN = mydomain.tld
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Thanks! it worked... the only think is that i had to remvoe certbot from apt on my 18.04 and add the one from snap
My pihole is up and running again