Certificate expired error on update or installation

12 réponses [Dernière contribution]
prvteprts

I am a member!

Hors ligne
A rejoint: 09/30/2010

I'm unable to install or update anything, and instead get the error posted below. This suddenly happened on my laptop without warning; my desktop works just fine. This seems to have happened before: https://trisquel.info/en/forum/apt-get-update-problem-trisquel-gnulinux-9

Any advice?


Hit:1 http://ppa.launchpad.net/gencfsm/ppa/ubuntu bionic InRelease
Ign:2 https://archive.trisquel.info/trisquel etiona InRelease
Ign:3 https://archive.trisquel.info/trisquel etiona-security InRelease
Ign:4 https://archive.trisquel.info/trisquel etiona-updates InRelease
Err:5 https://archive.trisquel.info/trisquel etiona Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:6 https://archive.trisquel.info/trisquel etiona-security Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:7 https://archive.trisquel.info/trisquel etiona-updates Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Reading package lists... Done
E: The repository 'https://archive.trisquel.info/trisquel etiona Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-security Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

linuc
Hors ligne
A rejoint: 10/17/2021

You have to go to etc/apt and edit the sources.list file.

Replace all https with http. Then try again. It was working for me.

You need to be root for this. You can start pcmanfm in the terminal with:

sudo -H pcmanfm

Hope it will work :-)

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

A "geekier" way to do the substitution from a terminal:
$ sudo sed -i s/https/http/ /etc/apt/sources.list

amenex
Hors ligne
A rejoint: 01/03/2015

Be careful: https://trisquel.info/en/forum/ca-certificate-issue-while-installing-any-package#comment-161334
My logins to Cpanel were getting intercepted because of the insecurity of http.
Could trisquel's certificate problem by related to OVH's fire ?
https://www.datacenterdynamics.com/en/news/ovh-fire-restart-continues-ovhcloud-has-no-lift-sbg3/

linuc
Hors ligne
A rejoint: 10/17/2021

"geekier"...I had to google it. But it works of course fine :-)

lanun
Hors ligne
A rejoint: 04/01/2021

> g00gle it

Note that you might also look up "geekier" on duckduckgo, or Qwant, or even better on searX.

Just make sure not to confuse it with "nerdier".

prvteprts

I am a member!

Hors ligne
A rejoint: 09/30/2010

Thanks for the input everyone. I managed to resolve it by disabling certificate verification temporarily, and then updating the ca-certificates package. After that, I re-enabled certificate verification.

I believe the issue was caused by outdated certificates that were patched in the ca-certificates package. Since I hadn't been updating packages on my laptop for a while, I missed that important patch and it finally reached a point where the existing certificates went bad.

linuc
Hors ligne
A rejoint: 10/17/2021

Can you explain to me in more detail how to do this? That would be helpful to me.

prvteprts

I am a member!

Hors ligne
A rejoint: 09/30/2010

I followed the basic idea presented here: https://www.claudiokuenzler.com/blog/1088/how-to-solve-apt-error-server-certificate-verification-failed

More specifically:

1. Backup the contents of `/etc/apt/apt.conf.d/02trisquel`
2. Replace the contents of `/etc/apt/apt.conf.d/02trisquel` with `Acquire::https::repos.influxdata.com::Verify-Peer "false"`
3. Run `sudo apt update` and `sudo apt install ca-certificates`
4. Restore the original contents of `/etc/apt/apt.conf.d/02trisquel`
5. Run `sudo apt update` again to check if the certificate verification error is resolved

linuc
Hors ligne
A rejoint: 10/17/2021

Thank you! I will test this, when I will do a new installation, after I will be finished with testing Trisquel.

damidu
Hors ligne
A rejoint: 03/30/2021

You should use apt-get

apt-get --purge autoremove for removing configuration files.

"All features of apt(8) are available in dedicated APT tools like apt-get(8) and apt-cache(8) as well"

And read https://www.debian.org/doc/manuals/debian-faq/pkg-basics.en.html

As all are joke. You mistreat people who take time to write the tools and documentation. It's the same about wayland
( https://wayland.freedesktop.org/architecture.html )
and hyperbola ( https://wiki.hyperbola.info/doku.php?id=:en:start ).

kusarigama
Hors ligne
A rejoint: 08/23/2021

Hi folks. I had this error https://trisquel.info/en/forum/trisquel-9-grub-efi-amd64-signed-package-failed-install before when installing Trisquel 9, solved it by simply enabling the internet connection. At the time of installation it must have been downloading some package for grub and EFI. Now because of problems with the certificate I can not do this during the installation and I get this grub package error again) Changing the certificates as described above does not help as the installer ignores the repository information update. I'm stumped now) Now there is an option to download Trisquel 10 beta, and use it) I checked, version 10 doesn't have that problem with https/http.

PS It turns out that the Trisquel 9 images that are now on the site are not quite working, during the installation, due to problems with the certificates.

Screenshot at 2021-10-04 16-05-52.png
linuc
Hors ligne
A rejoint: 10/17/2021

Thank you for the information. I work with Trisquel Mini and I hope that the problem will be fixed there soon as well.