Closed robberburn closed 4 years ago
Try with curl -k https://install.pi-hole.net | bash
Already done, also the --insecure command. Not working. Seems there is an issue with the certificates.
You can always use wget
wget -q -O - https://install.pi-hole.net | bash -
[i] Downloading and Installing FTL...curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
[✗] Downloading and Installing FTL
Error: URL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-arm-linux-gnueabihf not found
[✗] FTL Engine not installed
We have been looking into this. We simply install curl on the system. Have you tried to update curl?
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Feb 25 19:03:24 2020 from 192.168.120.28
hoobs@hoobs:~ $ sudo apt-get update
Get:1 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Get:2 http://archive.raspberrypi.org/debian buster InRelease [25.1 kB]
Hit:3 http://raspbian.raspberrypi.org/raspbian buster InRelease
Err:1 https://dl.yarnpkg.com/debian stable InRelease
The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
Get:4 http://archive.raspberrypi.org/debian buster/main armhf Packages [278 kB]
Fetched 320 kB in 2s (176 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
W: Some index files failed to download. They have been ignored, or old ones used instead.
hoobs@hoobs:~ $
After some research, this is due to some renaming with cURL. It is best to update cURL.
These steps will get the updated ca root certificate from Firefox.
curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Then run the Pi Hole command with the new --cacert
curl -sSL --cacert cacert.pem https://install.pi-hole.net | sudo bash
hoobs@hoobs:~ $ curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
hoobs@hoobs:~ $
hoobs@hoobs:~ $ curl -sSL --cacert cacert.pem https://install.pi-hole.net | sudo bash
curl: (77) error setting certificate verify locations:
  CAfile: cacert.pem
  CApath: /etc/ssl/certs
hoobs@hoobs:~ $
Try seeing if the certs folder is there
ls -la /etc/ssl
If it is, run this
cd /etc/ssl/certs
sudo curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Then try to install normally or use the --cacert cacert.pem flag
hoobs@hoobs:~ $ ls -la /etc/ssl
total 36
drwxr-xr-x  4 root root  4096 Feb 25 09:14 .
drwxr-xr-x 95 root root  4096 Feb 25 18:54 ..
drwxr-xr-x  2 root root 12288 Jan 18 23:59 certs
-rw-r--r--  1 root root 11118 Oct 12 21:56 openssl.cnf
drwx------  2 root root  4096 Oct 12 21:56 private
hoobs@hoobs:~ $ cd /etc/ssl/certs
hoobs@hoobs:/etc/ssl/certs $ sudo curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
hoobs@hoobs:/etc/ssl/certs $
OK try this command
sudo update-ca-certificates
It should work on Raspbian. Then try to install.
curl -sSL https://install.pi-hole.net | sudo bash
hoobs@hoobs:/etc/ssl/certs $ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
hoobs@hoobs:/etc/ssl/certs $ curl -sSL https://install.pi-hole.net | sudo bash
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
hoobs@hoobs:/etc/ssl/certs $
This looks like an issue with the ca root for Let's Encrypt, it's a server configuration issue with Pi Hole. I am looking for a way around this. For the meantime try this command.
curl -k https://install.pi-hole.net | sudo bash
Also can you run this and post the output
curl -vs https://install.pi-hole.net
hoobs@hoobs:~/.hoobs/etc $ curl -k https://install.pi-hole.net | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     5  100     5    0     0     36      0 --:--:-- --:--:-- --:--:--    36
bash: line 1: Found: command not found
hoobs@hoobs:~/.hoobs/etc $ curl -vs https://install.pi-hole.net
One more thing to try. Using wget to download the cacert.pem file.
cd /etc/ssl/certs
sudo wget https://curl.haxx.se/ca/cacert.pem
Then
curl -sSL --cacert cacert.pem https://install.pi-hole.net | sudo bash
Also can I get the version of curl you are using
curl --version
hoobs@hoobs:/etc/ssl/certs $ curl --version
curl 7.64.0 (arm-unknown-linux-gnueabihf) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
hoobs@hoobs:/etc/ssl/certs $
[✓] Enabling lighttpd service to start on reboot...
[✓] Checking for user 'pihole'
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL...curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
[✗] Downloading and Installing FTL
Error: URL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-arm-linux-gnueabihf not found
[✗] FTL Engine not installed
hoobs@hoobs:/etc/ssl/certs $
I am researching what to do. But let's see if the ca certs are actually installed
sudo apt-get install ca-certificates
hoobs@hoobs:~ $ sudo apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20190110).
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Do you see anything when you run this?
cat /etc/ssl/certs/ca-certificates.crt
Don't post it, I just want to know if this file exists.
jepp, existing
Let's check the size of that file.
ls -la /etc/ssl/certs
Find the ca-certificates.crt file and post that line. Mine looks like this
-rw-r--r-- 1 root root 200061 Feb 25 11:42 ca-certificates.crt
-rw-r--r-- 1 root root 200061 Feb 25 19:46 ca-certificates.crt
Stupid question. Is openssl installed?
sudo apt-get update
sudo apt-get install openssl
Also upgrade curl
sudo apt-get upgrade curl
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian buster InRelease
Hit:2 http://raspbian.raspberrypi.org/raspbian buster InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Err:3 https://dl.yarnpkg.com/debian stable InRelease
The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
Fetched 17.1 kB in 2s (10.6 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
W: Some index files failed to download. They have been ignored, or old ones used instead.
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get update openssl
E: The update command takes no arguments
sudo apt-get upgrade curl
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get upgrade curl
Reading package lists... Done
Building dependency tree
Reading state information... Done
curl is already the newest version (7.64.0-4+deb10u1).
Calculating upgrade... Done
The following packages have been kept back:
binutils binutils-arm-linux-gnueabihf binutils-common libbinutils
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
But apt is not updating. I am looking into that.
See if you can run this command
curl -ksS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
ok
Good. Now run this
sudo apt-get update
Do you get the GPG error?
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian buster InRelease
Hit:2 http://raspbian.raspberrypi.org/raspbian buster InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Fetched 17.1 kB in 1s (12.2 kB/s)
Reading package lists... Done
hoobs@hoobs:~/.hoobs/etc $
wtf is this
This updates the apt-get repository. Now you can try to run this
sudo apt-get upgrade curl
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get upgrade curl
E: Invalid operation upgrade
Dang markdown. Try it without the **
sudo apt-get upgrade curl
hoobs@hoobs:~/.hoobs/etc $ sudo apt-get upgrade curl
Reading package lists... Done
Building dependency tree
Reading state information... Done
curl is already the newest version (7.64.0-4+deb10u1).
Calculating upgrade... Done
The following packages have been kept back:
binutils binutils-arm-linux-gnueabihf binutils-common libbinutils
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
I am going to need time to figure this out. The issue is I am unable to replicate. I need to go through my SD cards to find one that has this issue.
ok. Thanks so far
I think it is a 100% problem with the hoobs installation. Raspbian + pi-hole is working. Hoobs image with pi-hole not working. Raspbian + online installation from the Hoobs-Server (with very old npm-Version) not installing pi-hole. Going back to Raspbian+Homebridge+pi-hole+deCONZ, everything working fine.
We are looking into our build process. I think when we build with Docker, the ca-authority certificates are not being linked properly. If this is the case, I will switch over to our Debian build machine and see if that fixes it. If not we will need to rebuild the gen tool from the ground up.
I found out that this is an issue with the Raspberry Pi Raspbian build utility. They have a fix for it and we are rebuilding the image.
This is done in 3.1.21
If this command doesn't fix your issue, you will need to back up and reflash your SD card with the new image.
sudo apt-get install ca-certificates
I have a workaround for you. This will fix the SSL issue and you should now be able to install pi-hole
wget -O /etc/ssl/certs/cacert.pem https://curl.haxx.se/ca/cacert.pem && export SSL_CERT_FILE=/etc/ssl/certs/cacert.pem && echo 'SSL_CERT_FILE=/etc/ssl/certs/cacert.pem' | sudo tee -a /etc/environment
Hi, done a new installation with 3.1.22
Same Problem:
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL...curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
[✗] Downloading and Installing FTL
Error: URL https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-arm-linux-gnueabihf not found
[✗] FTL Engine not installed
You have to run this to update the SSL root certs
wget -O /etc/ssl/certs/cacert.pem https://curl.haxx.se/ca/cacert.pem && export SSL_CERT_FILE=/etc/ssl/certs/cacert.pem && echo 'SSL_CERT_FILE=/etc/ssl/certs/cacert.pem' | sudo tee -a /etc/environment
all done, doesn't work
Description Log:
hoobs@hoobs:~ $ curl -sSL https://install.pi-hole.net | bash
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
This works on every Raspbian buster installation, with or without native homebridge. But not in Hoobs. The --insecure or -k mode also does not work
Version 3.1.20
Did you upgrade Please let us know if you upgraded from a previous version.
Previous version If you upgraded, please let us know your previous version.
Did you originally upgrade to HOOBS 3 from HOOBS 2.1.1? Did you perform an upgrade from HOOBS 2.1.1? Some things are different.
What device are you using? Please let us know the device you are running HOOBS on.
If this is a custom install, what's your operating system? Raspbian buster
Please let us know what operating system and version you are using. Ex. Fedora 30 or macOS Catalina.
List your plugins Please include a list of the plugins you are using. We need to be able to find it on NPM. If the plugin is not published, please include a link to the repository.
Post your config This can be found in the interface, Configuration -> Advanced or you can get it via SSH
cat ~/.hoobs/etc/config.json
Post your log You can get the log from the interface. This is in the Log section.
Additional context Add any other context about the problem here.
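
Added example, not part of the original thread or of the HOOBS or Pi-hole projects: in the `curl -k https://install.pi-hole.net | bash` run above, bash received a 5-byte response reading `Found` instead of the installer, which shows why a download should be saved and checked before anything executes it. The sketch below keeps certificate verification on, follows redirects, and runs the file only if it looks like a script and matches a pinned SHA-256. The function names and the digest placeholder are assumptions; the page publishes no digest, so it must be obtained out of band.

```shell
#!/bin/sh
# Fetch-then-verify instead of `curl -k ... | sudo bash`.
INSTALLER_URL="https://install.pi-hole.net"                  # URL from the thread
EXPECTED_SHA256="REPLACE_WITH_DIGEST_OBTAINED_OUT_OF_BAND"   # placeholder

# check_installer FILE SHA256  (hypothetical helper)
# Returns 0 only if FILE looks like a script and matches the pinned digest.
#   1 = missing or empty
#   2 = not a script (for example a redirect body such as "Found", or HTML)
#   3 = digest mismatch
check_installer() {
    file=$1
    want=$2
    [ -s "$file" ] || return 1
    # A shell installer starts with a shebang; an HTTP redirect body does not.
    first=$(head -n 1 "$file")
    case $first in
        '#!'*) ;;
        *) return 2 ;;
    esac
    got=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$got" = "$want" ] || return 3
    return 0
}

# fetch_and_run  (hypothetical helper)
# -f fails on HTTP errors, -L follows redirects, and TLS verification stays on,
# so a broken CA store stops the download instead of being bypassed.
fetch_and_run() {
    tmp=$(mktemp) || return 1
    if curl -fsSL -o "$tmp" "$INSTALLER_URL" &&
       check_installer "$tmp" "$EXPECTED_SHA256"; then
        sudo bash "$tmp"
        rc=$?
    else
        echo "refusing to run: download or verification failed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run only when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
    fetch_and_run
fi
```

With the placeholder digest left in place, `fetch_and_run` always refuses to execute the download.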