search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
534 stars 47 forks source link

Bad/expired certs in all Qubes 4.1 repo mirrors (qubes-dom0-current, qubes-templates-itl, etc) #6309

Closed ghost closed 3 years ago

ghost commented 3 years ago

Qubes OS version 4.1

[test@dom0 ~]$ sudo qubes-dom0-update
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time...
determining the fastest mirror (130 hosts).. done.-  B/s |   0  B     --:-- ETA
Fedora 32 - x86_64 - Updates                    3.6 MB/s |  28 MB     00:07    
determining the fastest mirror (17 hosts).. done.--  B/s |   0  B     --:-- ETA
Fedora 32 - x86_64                               13 MB/s |  70 MB     00:05    
Qubes Dom0 Repository (updates)                 0.0  B/s |   0  B     00:02    
Errors during downloading metadata for repository 'qubes-dom0-current':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.qubes-os.org/r4.1/current/dom0/fc32/repodata/repomd.xml.metalink [SSL certificate problem: certificate is not yet valid]
Error: Failed to download metadata for repo 'qubes-dom0-current': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.qubes-os.org/r4.1/current/dom0/fc32/repodata/repomd.xml.metalink [SSL certificate problem: certificate is not yet valid]
Qubes Templates repository                      0.0  B/s |   0  B     00:01    
Errors during downloading metadata for repository 'qubes-templates-itl':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.qubes-os.org/r4.1/templates-itl/repodata/repomd.xml.metalink [SSL certificate problem: certificate is not yet valid]
Error: Failed to download metadata for repo 'qubes-templates-itl': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.qubes-os.org/r4.1/templates-itl/repodata/repomd.xml.metalink [SSL certificate problem: certificate is not yet valid]
Ignoring repositories: qubes-dom0-current, qubes-templates-itl
Last metadata expiration check: 0:00:12 ago on Fri Dec 25 01:12:04 2020.
Dependencies resolved.
Nothing to do.
Complete!
No packages downloaded
No updates available

-----------------------------------------

easy to fix add option to /etc/dnf/dnf.conf sslverify=0

pinging @fepitre

iamahuman commented 3 years ago

The TLS server certificate of https://yum.qubes-os.org/ has been renewed at 25 December 2020, 08:26:09 UTC.

  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://yum.qubes-os.org/r4.1/current/dom0/fc32/repodata/repomd.xml.metalink [SSL certificate problem: certificate is not yet valid]

The error message indicates that the certificate issue date is in the future. Please check that your VM's clock is not behind and try again.

Also, the repository is shared between R4.0 and R4.1.

ghost commented 3 years ago

@iamahuman yeah sorry, this is localtime timezone issue. thanks.