Unable to get issuer certificate

[Alee14]

Affected Version

paru -V paru v1.11.1 +backtrace - libalpm v13.0.1

Description

Have you checked previous issues? For a while, when attempting to upgrade my AUR packages, I always gets an error saying there was problems with SSL. I have done update-ca-trust, and didn't work the only solution was to switch back to yay.

Output

Include the FULL output of any relevant commands/configs

Don't cut parts of the input always include the FULL thing

Welcome to fish, the friendly interactive shell
Type `help` for instructions on how to use fish

~ on ☁️  (us-east-2)
❯ paru -Syu
Please touch the device.
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 liquorix is up to date
 theapps is up to date
 dkp-libs is up to date
 dkp-linux is up to date
:: Starting full system upgrade...
 there is nothing to do
:: Looking for AUR upgrades...
:: Looking for devel upgrades...
error: error sending request for url (https://aur.archlinux.org/rpc?arg%5B%5D=86box&arg%5B%5D=86box-roms&arg%5B%5D=amd-vulkan-prefixes&arg%5B%5D=amdgpu-pro-libgl&arg%5B%5D=amf-amdgpu-pro&arg%5B%5D=anaconda&arg%5B%5D=anbox-modules-dkms-git&arg%5B%5D=android-ndk&arg%5B%5D=android-sdk&arg%5B%5D=appimagelauncher&arg%5B%5D=appimagetool-bin&arg%5B%5D=archlinux-artwork&arg%5B%5D=aseprite-git&arg%5B%5D=bandcamp-dl-git&arg%5B%5D=betterlockscreen&arg%5B%5D=bottles&arg%5B%5D=brother-hl2240-cups-bin&arg%5B%5D=bun&arg%5B%5D=cask&arg%5B%5D=cava&arg%5B%5D=cef-minimal-obs-bin&arg%5B%5D=cef-minimal-obs-studio-browser-bin&arg%5B%5D=celt&arg%5B%5D=cemu&arg%5B%5D=ceph-libs&arg%5B%5D=checkra1n-cli&arg%5B%5D=classicube-git&arg%5B%5D=clipman&arg%5B%5D=cpu-x&arg%5B%5D=craftos-pc&arg%5B%5D=craftos-pc-data&arg%5B%5D=cydia-impactor&arg%5B%5D=davinci-resolve&arg%5B%5D=deb2appimage&arg%5B%5D=debtap&arg%5B%5D=deskreen&arg%5B%5D=discover-overlay&arg%5B%5D=dislocker&arg%5B%5D=dnslookup-bin&arg%5B%5D=dosbox-x&arg%5B%5D=dotnet-runtime-3.1&arg%5B%5D=dotnet-runtime-5.0-bin&arg%5B%5D=downgrade&arg%5B%5D=droidcam&arg%5B%5D=electron13&arg%5B%5D=electron15&arg%5B%5D=extundelete&arg%5B%5D=fann&arg%5B%5D=figma-linux&arg%5B%5D=gconf&arg%5B%5D=git-credential-manager-core&arg%5B%5D=godot-mono-bin&arg%5B%5D=goverlay&arg%5B%5D=grapejuice-git&arg%5B%5D=greetd&arg%5B%5D=greetd-tuigreet&arg%5B%5D=gtk3-nocsd-git&arg%5B%5D=heroic-games-launcher-bin&arg%5B%5D=hsakmt-roct&arg%5B%5D=hxd&arg%5B%5D=i3-wk-switch-git&arg%5B%5D=i3ipc-python-git&arg%5B%5D=i3lock-color&arg%5B%5D=iat&arg%5B%5D=icoextract&arg%5B%5D=j4-dmenu-desktop&arg%5B%5D=jellyfin-media-player&arg%5B%5D=lib32-mangohud&arg%5B%5D=lib32-vulkan-amdgpu-pro&arg%5B%5D=libajantv2&arg%5B%5D=libavresample&arg%5B%5D=libgbinder&arg%5B%5D=libglibutil&arg%5B%5D=mailspring&arg%5B%5D=makemkv&arg%5B%5D=mangohud&arg%5B%5D=mangohud-common&arg%5B%5D=marktext-bin&arg%5B%5D=megasync-bin&arg%5B%5D=melonds&arg%5B%5D=micropolis-git&arg%5B%5D=mimic&arg%5B%5D=minecraft-launcher&arg%5B%5D=mkchromecast&arg%5B%5D=moc-pulse&arg%5B%5D=mongodb-compass&arg%5B%5D=mullvad-tray&arg%5B%5D=mullvad-vpn&arg%5B%5D=multimc-bin&arg%5B%5D=mycroft-core&arg%5B%5D=ncurses5-compat-libs&arg%5B%5D=ngrok&arg%5B%5D=noisetorch&arg%5B%5D=nomachine&arg%5B%5D=nuclear-player-bin&arg%5B%5D=nvm&arg%5B%5D=obs-streamfx&arg%5B%5D=obs-studio-git&arg%5B%5D=obs-vkcapture-git&arg%5B%5D=olive&v=5&type=info): error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1919: (unable to get issuer certificate)

~ on ☁️  (us-east-2) took 5s
❯

paru.conf and pacman.conf are usually always relevant

#
# $PARU_CONF
# /etc/paru.conf
# ~/.config/paru/paru.conf
#
# See the paru.conf(5) manpage for options

#
# GENERAL OPTIONS
#
[options]
PgpFetch
Devel
Provides
DevelSuffixes = -git -cvs -svn -bzr -darcs -always -hg -fossil
#AurOnly
#BottomUp
#RemoveMake
#SudoLoop
#UseAsk
#SaveChanges
#CombinedUpgrade
#CleanAfter
#UpgradeMenu
#NewsOnUpgrade

#LocalRepo
#Chroot
#Sign
#SignDb
#KeepRepoCache

#
# Binary OPTIONS
#
#[bin]
#FileManager = vifm
#MFlags = --skippgpcheck
#Sudo = doas

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg     = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
Color
ILoveCandy
#NoProgressBar
CheckSpace
VerbosePkgLists
ParallelDownloads = 10  

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

#[testing]
#Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist

[multilib]
Include = /etc/pacman.d/mirrorlist

[liquorix]
Server = https://liquorix.net/archlinux/$repo/$arch

#[chaotic-aur]
#Include = /etc/pacman.d/chaotic-mirrorlist 

[theapps]
SigLevel = Optional TrustAll
Server = https://packages.vicr123.com/arch/$arch/

[dkp-libs]
Server = https://pkg.devkitpro.org/packages

[dkp-linux]
Server = https://pkg.devkitpro.org/packages/linux/$arch/

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

[Morganamilo]

No Idea if this is still an issue. But it's not going to be paru's fault.