Re: I broke "yum update" - C7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 2019-08-30 10:52, schrieb Gary Stainburn:
On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote:
> 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's
> Certificate issuer is not recognized."
> 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6,
> 7], re-raising

[ ... ]

> Cannot retrieve metalink for repository: epel/x86_64. Please verify
> its path and try again

So can we check what version of the ca-certificates packages is being
installed on your system?

And a check into a different direction: what's the date and time of that system? Does it fit or is it wrong? Time being not accurate can make SSL
connections fail.

Firstly, thank you for you help with this Alexander.

You are welcome Gary. And I am curious about what the cause of your repo troubles is.

I had already checked the system time. It was about 3 minutes out, but
I fixed it anyway.  I have checked the RPM for the certificates, and
it matches the one on another box that works.


[root@stan2 ~]# date
Fri 30 Aug 09:45:27 BST 2019
[root@stan2 ~]# rpm -qa|grep cert
ca-certificates-2018.2.22-70.0.el7_5.noarch
[root@stan2 ~]#

That's good. Now please verify that the ca-certificates RPM is healthy:

rpm -V ca-certificates

In addition you can grep for the DigiCert certificates which are used by the fedoraproject.org mirror servers for EPEL (concentrating on a single broken HTTPS repo for now):

# grep "DigiCert" /etc/pki/tls/certs/ca-bundle.crt
# DigiCert Assured ID Root CA
# DigiCert Assured ID Root G2
# DigiCert Assured ID Root G3
# DigiCert Global Root CA
# DigiCert Global Root G2
# DigiCert Global Root G3
# DigiCert High Assurance EV Root CA  <<- that one must be there
# DigiCert Trusted Root G4

Besides a corrupted certificates bundle I cannot imagine a different root cause actually.

Of course you could search system-wide for broken RPM content:

# for RPM in $(rpm -qa); do rpm -V ${RPM} >/dev/null; if [ "$?" -eq 1 ]; then echo "----- ${RPM} -----"; rpm -V ${RPM}; fi; done

Regards,
Alexander

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux