+++ This bug was initially created as a clone of Bug #2018806 +++ On a system without openssl installed, the unbound-keygen keygen service will fail: # systemctl status unbound-keygen.service ● unbound-keygen.service - Unbound Control Key And Certificate Generator Loaded: loaded (/usr/lib/systemd/system/unbound-keygen.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sun 2021-10-31 11:28:45 UTC; 2min 16s ago Process: 294605 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/ (code=exited, status=1/FAILURE) Main PID: 294605 (code=exited, status=1/FAILURE) Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: Starting Unbound Control Key And Certificate Generator... Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: setup in directory /etc/unbound/ Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: generating unbound_server.key Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: /usr/sbin/unbound-control-setup: line 100: openssl: command not found Oct 31 11:28:45 vwb01-00.srv.example.net unbound-control-setup[294605]: /usr/sbin/unbound-control-setup fatal error: could not genrsa Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: unbound-keygen.service: Main process exited, code=exited, status=1/FAILURE Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: unbound-keygen.service: Failed with result 'exit-code'. Oct 31 11:28:45 vwb01-00.srv.example.net systemd[1]: Failed to start Unbound Control Key And Certificate Generator. # rpm -qi unbound Name : unbound Version : 1.7.3 Release : 17.el8 Architecture: x86_64 Install Date: Sun Oct 31 11:11:01 2021 Group : Unspecified Size : 5344276 License : BSD Signature : RSA/SHA256, Mon May 17 16:12:40 2021, Key ID 05b555b38483c65d Source RPM : unbound-1.7.3-17.el8.src.rpm Build Date : Mon May 17 15:16:07 2021 Build Host : x86-02.mbox.centos.org Relocations : (not relocatable) Packager : CentOS Buildsys <bugs> Vendor : CentOS URL : https://www.unbound.net/ Summary : Validating, recursive, and caching DNS(SEC) resolver Description : Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. It should have a dependency on it
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: unbound security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8062