First boot - Not able to fetch data with HTTPS/443

gokhan · 17 January 2021 10:55

It started with first “apt-get update” where the https sources (i.e. http://archive.raspberrypi.org/) did not respond. I tried to send bug report, did not work as the request was on 443.

I passed the ‘update’ part by changing the https://’ in ‘source.list’ to http://

Now I am stuck at “Downloading current dietpi.txt” step, which is hosted in github (https://). No errors, whatsoever.

I have updated system time, tried to update certificates i.e but no luck.

Can anyone provide permanent solution, rather than a work around?

DietPi version | v6.32.2 (MichaIng/master)
Image creator | DietPi Core Team
Pre-image | Raspbian Lite
Hardware | RPi 4 Model B (armv7l) (ID=4)
Kernel version | Linux DietPi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l GNU/Linux
Distro | buster (ID=5,RASPBIAN=1)

Joulinar · 17 January 2021 11:09

Hi,

many thanks for your message. Do you have anything on your network that could block https access to the internet? Like a firewall, a proxy or a router?

gokhan · 17 January 2021 11:22

No, nothing on router. Pure connection without proxy, vpn or even additional firewall. I am able reach those links from other devices in network.

I have tried both ethernet and wifi on Pi however same result.

gokhan · 17 January 2021 11:24

Further, I can successfully curl and wget to https://www.google.com from the same device

Joulinar · 17 January 2021 11:30

what if you try to curl the file that is hanging?

BTW: try to copy/post the output from your terminal/ssh session instead of doing screen prints. thx

gokhan · 17 January 2021 11:38

curl gets it.

root@DietPi:~# curl https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
# IMPORTANT:
# - This is intended for advanced users, unless you know what you are doing, do not edit this file. Please use the DietPi programs instead.
# - Do not remove uncommented lines, as the items are scraped by DietPi programs, on demand.

Thanks for the tip and prompt responses. Really appreciated.

Joulinar · 17 January 2021 11:57

and if you use wget. Does this work to download the file? Because that’s what is done on the step your system stuck.

gokhan · 17 January 2021 12:02

There it is! It hangs at wget

root@DietPi:~# wget https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
--2021-01-17 12:00:18--  https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.140.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.140.133|:443... connected.

Joulinar · 17 January 2021 12:15

I guess one of the following is working?

wget http://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
wget --no-check-certificate https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt

gokhan · 17 January 2021 12:22

http request redirects to https and hangs in there

root@DietPi:~# wget http://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
--2021-01-17 12:20:12--  http://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.140.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.140.133|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt [following]
--2021-01-17 12:20:12--  https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.140.133|:443... connected.

no-check-certificate has no use either

root@DietPi:~# wget --no-check-certificate https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
--2021-01-17 12:20:33--  https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.140.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.140.133|:443... connected.

Joulinar · 17 January 2021 12:59

hmm you could try to reinstall wget as well as ca-certificates

apt update
apt --reinstall install ca-certificates wget

gokhan · 17 January 2021 13:18

Reinstalled wget and certificates. However unfortunately same state. Hanging.

Joulinar · 17 January 2021 13:21

MichaIng
Any ideas why wget could be hanging on Https request?

gokhan · 17 January 2021 13:24

Connected to my phone’s hotspot (different network/cellular), incase of MTU or any other packet related issue however it did not work either.

Wget hangs at https requests.

gokhan · 17 January 2021 18:55

wow!

I tried same in raspberry OS setup, it did not go through. Then installed OpenVPN and gave it a go; voila!

I do not know whether it is ISP blocking https wget or the routing table somehow conflicted.

Joulinar · 17 January 2021 21:25

that would be bad if your ISP is blocking such thinks. And you have the same issue on your mobile phone.

gokhan · 18 January 2021 04:37

Apparently it is not ISP. I have tried it on another hotspot with VPN on, did not work again.

It is most likely a route configuration issue. But why do I have it in two different OS (dietpi 32 and 64bit, raspberry OS)?

So my to-do list:

Have a look at wget spec and see if there are hints in there
Join wget mailing group and raise a ticket/bug
Install a fresh ubuntu release on raspberry and check wget on https
Install OpenVPN during DietPi first-boot to bypass this issue

Joulinar · 18 January 2021 07:49

Just to avoid any confusion. DietPi is not an onw OS. It’s a set of scripts installed on a base image. If you are running a Raspberry Pi device, base image used is Raspberry OS. Means, DietPi is a Raspberry OS with reduced amount of packaged installed and some configuration script on top. Therefore it should not make a difference if you are using DietPi or Raspberry OS.

Most probably it’s your geo location, because the SBC did not decide on the routing within the internet. That’s done by the network devices inside the internet. AS well a VPN (which locate you somewhere else on the globe) is overcoming the situation.

MichaIng · 18 January 2021 13:15

Strange case indeed. Would be interesting to try and compare verbose connections details between curl and wget:

wget -v --spider https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt
curl -IL https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt

E.g. our images ship with IPv6 enabled, but IPv4 preferred via wgetrc config. For curl, such is not possible, so curl would connect via IPv6 while wget would do via IPv4 (which can be seen). So would be interesting if the following succeeds:

wget -v --spider -6 https://raw.githubusercontent.com/MichaIng/DietPi/master/dietpi.txt

Btw, if -I/–spider makes a difference (it’s HEAD requests then), skip it, it just avoids that the whole file content is printed to console .

Joulinar · 18 January 2021 13:20

good point regarding IPv6. did not consider it as DNS check passt, which usually indicate an issue on IPv6 if it would fail