Server Update Failed - Server Certificate Verification Failed

[wiltdavi]

I has been awhile since I have used the server, since the end of 2020, so first thing I wanted to do was make sure it was fully updated. Go to the About screen I saw that it was not automatically updating. I have tried telling it to Update/Restart Server and it is not working. I have restarted the the RPi3B multiple time and it is just stuck at this version.

Reviewing the logs I see this "fatal: unable to access 'https://github.com/chiefwigms/picobrew_pico.git/': server certificate verification failed. CAfile: none CRLfile: none"

I have tried starting over with the Beta6 image and I am running into the same issue.

Here is the log for the version from the screenshot above.

picobrew_pico.log

[chiefwigms]

Try this: https://stackoverflow.com/questions/35821245/github-server-certificate-verification-failed Also, check that your network is up? Odd that the "about" pi settings (ifconfig / pinout etc fail for you).

Might also be worth saving your brew history/recipes and just starting over, although the last "image" was what @tmack8001 made back in January

[tmack8001]

Given there isn't a h2 section mentioning RaspberryPi Image Version then that leads me to believe you aren't on the beta6 image (created in January).

You can ssh in and change the git remote configuration to either ignore insecure certificates (though if you are getting insecure certificates this means either the remote is misconfigured and/or your network is configured in a strange manner) or change how the remote is configured.

Not sure how this would be the issue on an official image release without knowing the image release version you started with.

[wiltdavi]

You are correct that the original information in this post was not from the beta6 image. I tried the beta6_stable image and I am getting the same results.

Here is the Log: picobrew_pico beta6_stable.log

I had found that stackoverflow post too and I plan to try it out this morning. I will let you know what I figure out.

[wiltdavi]

So I was able to get it update. The issue was the time was incorrect and the NTP was not working.

By following the information here I was able to manually update the date and time. Once I had the date and time correct the certificates worked properly and I was able to update the server from the beta6 image.

The NTP sync was still not working until I installed ntp.

apt-get install ntp

After doing this, the clock was synced properly.

This has resolved my issue. I am not sure why I am the only one who experienced this. Does this mean a new image should be created? If based on my comments no changes are required, please feel free to close this ticket.

[chiefwigms]

I didn't uninstall ntp from the image, but i'm not sure if it's builtin with the default image. I don't think it warrants a new image though

[tmack8001]

Interesting. I have been running beta6 since January (though changes aren't happening frequently at all to the source these days) and haven't had an issue.

I'm also 2.5hr away from my picobrew equipment right now and won't be back to them until next of next week. I'll take a look when I get back. 🤔 as to why NTP wouldn't have been working, we didn't explicitly remove it as @chiefwigms mentions above... though maybe it wasn't there to begin with (I'd doubt that)

[tmack8001]

We are leveraging pi-gen to build our images on top of Raspbian and specifically "Stage 2" (excerpt posted below) which explicitly installs ntp prior to us.

Stage 2 - lite system. This stage produces the Raspbian-Lite image. It installs some optimized memory functions, sets timezone and charmap defaults, installs fake-hwclock and ntp, wireless LAN and bluetooth support, dphys-swapfile, and other basics for managing the hardware. It also creates necessary groups and gives the pi user access to sudo and the standard console hardware permission groups.

[wiltdavi]

When I ran apt-get install ntp it definitely acted like it was being installed for the first time. I would be interested if you see the same thing from the beta6 image. It would make me feel better knowing I am not crazy ;).

All in all, if someone else runs into this issue they should be able to find this ticket for support.