can't update. Cerificate errors

Having issues with your DietPi installation or found a bug? Post it here.
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

can't update. Cerificate errors

Post by manilx »

Hi

I suddenly get certificate errors when trying to check for updates.

Code: Select all

apt update && apt full-upgrade
Err:1 https://deb.debian.org/debian bullseye InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
Err:2 https://deb.debian.org/debian bullseye-updates InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
Err:3 https://deb.debian.org/debian-security bullseye-security InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
Err:4 https://deb.debian.org/debian bullseye-backports InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
Err:5 https://download.webmin.com/download/repository sarge InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 108.60.199.109 443]
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch https://deb.debian.org/debian/dists/bullseye/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
W: Failed to fetch https://deb.debian.org/debian/dists/bullseye-updates/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
W: Failed to fetch https://deb.debian.org/debian-security/dists/bullseye-security/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
W: Failed to fetch https://deb.debian.org/debian/dists/bullseye-backports/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.182.132 443]
W: Failed to fetch https://download.webmin.com/download/repository/dists/sarge/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 108.60.199.109 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
How can I update the certs?

Thx in advance
User avatar
Joulinar
Posts: 6001
Joined: Sat Nov 16, 2019 12:49 am

Re: can't update. Cerificate errors

Post by Joulinar »

You could have used search function within this forum to get an answer already. Because this is a known issue at global Debian server side. Pls try follow

Code: Select all

sed -i 's/https:/http:/' /etc/apt/sources.list
apt update
apt upgrade
sed -i 's/http:/https:/' /etc/apt/sources.list
apt update
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

Re: can't update. Cerificate errors

Post by manilx »

Sorry, looked for something in the last posts only.....

Thx! I also had to change the webmin one.
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

Re: can't update. Cerificate errors

Post by manilx »

p.S.

After
sed -i 's/http:/https:/' /etc/apt/sources.list
apt update

it fails again. It has to stay with http for now I guess.
User avatar
Joulinar
Posts: 6001
Joined: Sat Nov 16, 2019 12:49 am

Re: can't update. Cerificate errors

Post by Joulinar »

Did you completed the upgrade before? Does it fail on Debian repository only or as well on webmin after apt upgrade?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

Re: can't update. Cerificate errors

Post by manilx »

I did the last update check last week and it was fine.
Today is the first time I encountered this.
Also webmin was failing.
Err:5 https://download.webmin.com/download/repository sarge InRelease
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 108.60.199.109 443]
User avatar
Joulinar
Posts: 6001
Joined: Sat Nov 16, 2019 12:49 am

Re: can't update. Cerificate errors

Post by Joulinar »

If I understood correct, there is a broken certificate chain somewhere at Debian repository server side. But that's out of our control. We simply could switch to HTTPS to get apt update done. Usually after completing apt upgrade it should be fine to switch back to HTTPS. Not 100% sure but maybe cache to be cleaned as well before switching back

Code: Select all

/boot/dietpi/func/dietpi-set_software apt-cache clean
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

Re: can't update. Cerificate errors

Post by manilx »

Tried /boot/dietpi/func/dietpi-set_software apt-cache clean
rebooted but still issue remains. Will stay with http for now.....
User avatar
Joulinar
Posts: 6001
Joined: Sat Nov 16, 2019 12:49 am

Re: can't update. Cerificate errors

Post by Joulinar »

I guess the question you did not answer. You completed apt update && apt upgrade? Correct? And is it still failing on Debian repository only or as well on Webmin repository after upgrade completed?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
manilx
Posts: 133
Joined: Mon Dec 07, 2020 11:02 am

Re: can't update. Cerificate errors

Post by manilx »

Joulinar wrote: Wed Oct 06, 2021 12:51 pm I guess the question you did not answer. You completed apt update && apt upgrade? Correct? And is it still failing on Debian repository only or as well on Webmin repository after upgrade completed?
Yes, I did complete after changing all to http.
After changing back to https it's failing on debian and webmin.
Post Reply