Closed BryantIT closed 4 years ago
FetchError: request to https://codeload.github.com/AtomLinter/linter-eslint/legacy.tar.gz/v8.5.5 failed, reason: unable to verify the first certificate
As I already told you, this means your system is unable to validate the certificate for codeload.github.com
. What does the following command give you?
echo | openssl s_client -connect codeload.github.com:443 -servername codeload.github.com
As before, either your system is out of date, somebody is trying to MITM all your traffic, or you are behind a broken proxy server.
error 404 Not Found: https://www.atom.io/api/packages/pigments/versions/0.40.2/tarball
This URL loads perfectly fine here, the fact that this one is a 404 instead of a bad certificate makes me lean towards you being behind a broken proxy server.
Are you able to try using a different connection? VPN?
Output is:
echo | openssl s_client -connect codeload.github.com:443 -servername codeload.github.com
CONNECTED(00000005)
depth=0 C = US, postalCode = 19103, ST = PA, L = Philadelphia, street = 1 Comcast Center, O = Comcast Corporation, OU = Hosted by Comcast Corporation, OU = EliteSSL, CN = low-xdns.xfinity.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, postalCode = 19103, ST = PA, L = Philadelphia, street = 1 Comcast Center, O = Comcast Corporation, OU = Hosted by Comcast Corporation, OU = EliteSSL, CN = low-xdns.xfinity.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:C = US, postalCode = 19103, ST = PA, L = Philadelphia, street = 1 Comcast Center, O = Comcast Corporation, OU = Hosted by Comcast Corporation, OU = EliteSSL, CN = low-xdns.xfinity.com
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgIRANha3UJUpGlsYXmy6GiEqrgwDQYJKoZIhvcNAQELBQAw
gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYD
VQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBT
ZXJ2ZXIgQ0EwHhcNMTcwODA4MDAwMDAwWhcNMTkwODA4MjM1OTU5WjCB1DELMAkG
A1UEBhMCVVMxDjAMBgNVBBETBTE5MTAzMQswCQYDVQQIEwJQQTEVMBMGA1UEBxMM
UGhpbGFkZWxwaGlhMRkwFwYDVQQJExAxIENvbWNhc3QgQ2VudGVyMRwwGgYDVQQK
ExNDb21jYXN0IENvcnBvcmF0aW9uMSYwJAYDVQQLEx1Ib3N0ZWQgYnkgQ29tY2Fz
dCBDb3Jwb3JhdGlvbjERMA8GA1UECxMIRWxpdGVTU0wxHTAbBgNVBAMTFGxvdy14
ZG5zLnhmaW5pdHkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
mopjEEufS7r8FYVwr3dQf4RCQNFnpvRO4F57aE5+msSkLRKVcY3tLxLi7Ve8A5tp
24VxGQEowT9sXyCoEh8TeKN01ebaQUgAfDdtnOKFRv74Pyct4oNzk7PiWpxRrSEX
9t+AW1DAHFWgQO7aO2eYTZfkFV6A2wHnhGXjEV5xUHFor2tNrrVTUAVXSu8xvyCL
JXREI/IGnp//jp89ydYRKgWp3t/ZS4n9CvenYN1zNn7hFecpNR+aduedBAa6MwZX
7JRqys+w5tg47iwze10heEkXX7tj1obcgpHl9Nqz2jcRgAR8oh5clT+P0fnwrct6
sOyx7a7LeUHcoIQ6dAGxvwIDAQABo4IB+DCCAfQwHwYDVR0jBBgwFoAUmvMr2s+t
T7YvuypISCoStxtCwSQwHQYDVR0OBBYEFDvmFAgrMvg3WA1WEla1VDjifH2ZMA4G
A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUF
BwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYD
VR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNB
T3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYB
BQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D
T01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wOQYDVR0RBDIw
MIIUbG93LXhkbnMueGZpbml0eS5jb22CGHd3dy5sb3cteGRucy54ZmluaXR5LmNv
bTANBgkqhkiG9w0BAQsFAAOCAQEADu8b5oT3fD6HRbY3wNoKmnbfKvPwDvJblES0
wrns3PJ7B3YlVlXzyJhbscfuvopfAAYgl2LynGvV71EiPhL3tesNSDSaQKGwFBJT
ewNE16DhCh12cbTI6Scdp12SR+YQPPAgK1BtzcIjX8jF6iDHzBVvdWdqQLz6nVAE
FUlJ0bkqBUOMhHz+tv4/rm/EtbpI9lOhq1bywLs0oPTRMqWMuXX7Ni4TKY2nt0qW
dadInPwjTu6d22uf8V2Vido7Sbb0VW2zvv9tyEnIPgi7X+jWgiFYyW6EJti5nkQ3
wZJaNsrWLjZIuewNYJ9nEdJ07iChXZc5WINwQoPY9Rq6JNHlHA==
-----END CERTIFICATE-----
subject=C = US, postalCode = 19103, ST = PA, L = Philadelphia, street = 1 Comcast Center, O = Comcast Corporation, OU = Hosted by Comcast Corporation, OU = EliteSSL, CN = low-xdns.xfinity.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2211 bytes and written 447 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 0C43D8531ABA9B3469ECFF31F819B41EA59297E0B48094C387F5B7ACE9EB3C64
Session-ID-ctx:
Master-Key: 7191E016D3FEC11DC7D2C7921544DA2C0057CAD361A47EB65F13DDA9ABF9A66AD598A34680C64AFD6F45E39532BFC3E2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 20 94 c9 9b 5d 33 69 27-52 76 c6 2b b1 e2 52 7b ...]3i'Rv.+..R{
0010 - bf 7d 85 7b 69 95 11 65-70 4c 79 81 96 cd a0 ae .}.{i..epLy.....
0020 - 2d 0c 87 86 4c a8 50 b7-ee 3f 3b 02 f3 e8 04 94 -...L.P..?;.....
0030 - 84 89 cb 6a 3e 6d 64 dd-2c 32 f5 b0 e7 27 51 7e ...j>md.,2...'Q~
0040 - 9c 03 98 ac c9 6e d6 0a-b6 b0 8b cf 6d b3 da f9 .....n......m...
0050 - 54 b4 f1 a7 d6 87 04 82-ab ef ae 7f 8d 8c 2a 23 T.............*#
0060 - 9a 6f a0 f2 8c e3 01 3b-e0 b7 cb c4 86 4a 3a 19 .o.....;.....J:.
0070 - dd c2 17 86 7a 3f ed e9-8f 4d f6 a4 67 4e 04 63 ....z?...M..gN.c
0080 - ac 26 37 db 0f 1b 6b 6b-6f 26 25 32 60 63 2c 23 .&7...kko&%2`c,#
0090 - 05 98 61 6b 82 80 46 e5-66 12 6f 36 26 4c f1 79 ..ak..F.f.o6&L.y
00a0 - d8 74 2d 51 8c 3c 32 24-c0 b3 c4 74 1a cd b8 0b .t-Q.<2$...t....
00b0 - e0 0d 04 fb 94 a9 a3 8b-34 e2 53 93 b8 44 83 2f ........4.S..D./
Start Time: 1580838171
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
---
DONE
If I run openssl s_client -CApath /etc/ssl/certs/ -connect address.com:443
it connects and certifies without an error.
As far as I can tell anything else I do (webpages, Kraken, just tested on VS code, git, etc all seem to be just fine. It's only when I am using Atom and apm.)
depth=0 C = US, postalCode = 19103, ST = PA, L = Philadelphia, street = 1 Comcast Center, O = Comcast Corporation, OU = Hosted by Comcast Corporation, OU = EliteSSL, CN = low-xdns.xfinity.com
verify error:num=20:unable to get local issuer certificate
verify return:1
Looks like you are on Comcast and they are intercepting and attempting to modify the traffic. You'll need to contact Comcast support about this issue and ask them why they are breaking your internet connection.
I'm getting GitHub errors due to this Comcast MiTM practice as well. Starting yesterday, various parts of GitHub.com are broken as is the desktop app.
Prerequisites
Description
All atempts at installing Atom packages fail
Steps to Reproduce
Expected behavior:
To be able to install packages
Actual behavior:
2 different alternating errors when trying to install a package both via Atom directly and via the command line.
Reproduces how often:
100%
Versions
Atom : 1.43.0 Electron: 4.2.7 Chrome : 69.0.3497.128 Node : 10.11.0
apm 2.4.3 npm 6.2.0 node 10.2.1 x64 atom 1.43.0 python 2.7.17 git 2.17.1
I'm on Ubuntu Distributor ID: Ubuntu Description: Ubuntu 18.04.4 LTS Release: 18.04 Codename: bionic
Additional Information
Have tried this on over 10 different packages. Just started yesterday having this problem. I'll post the error log for 2 of them below.