Not recommended, better to fix the problem, but what you can try is running your commands like: PYTHONHTTPSVERIFY=0 <your command>
Also go to /etc/yum.repos.d/ and find the ceph repo files and add: sslverify = 0 But again, this is not recommended. It is just a not-safe workaround that might work for you. Op wo 30 jul 2025 om 10:53 schreef P Wagner-Beccard < wagner-kerschbau...@schaffroth.eu>: > some background from the user group meetup. > https://youtu.be/Vcxk0lFa2S8?t=3821 > > you can check your current openssl with > > openssl version > List all what the package manager as to offer: > > dnf --showduplicates list openssl > > "works on my machine" cephadm on Rocky 9.6 OpenSSL 3.2.2 4. > > > > On Wed, 30 Jul 2025 at 06:47, gagan tiwari < > gagan.tiw...@mathisys-india.com> > wrote: > > > HI John, > > I did reinstall openssl pkg on the linux server and > > that seems to have worked and I am able to add squid repo. > > > > But while installing ceph-common pkg . I am getting below error :- > > > > cephadm install ceph-common > > Installing packages ['ceph-common']... > > Non-zero exit code 1 from yum install -y ceph-common > > yum: stdout Last metadata expiration check: 0:06:18 ago on Wednesday 30 > > July 2025 10:09:50 AM. > > yum: stdout (try to add '--skip-broken' to skip uninstallable packages or > > '--nobest' to use not only best candidate packages) > > yum: stderr Error: > > yum: stderr Problem: conflicting requests > > yum: stderr - nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit) > > needed by ceph-common-2:19.2.3-0.el9.x86_64 from Ceph > > Traceback (most recent call last): > > File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main > > return _run_code(code, main_globals, None, > > File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code > > exec(code, run_globals) > > File "/usr/sbin/cephadm/__main__.py", line 5581, in <module> > > File "/usr/sbin/cephadm/__main__.py", line 5569, in main > > File "/usr/sbin/cephadm/__main__.py", line 4588, in command_install > > File "/usr/sbin/cephadm/cephadmlib/packagers.py", line 458, in install > > File "/usr/sbin/cephadm/cephadmlib/call_wrappers.py", line 307, in > > call_throws > > RuntimeError: Failed command: yum install -y ceph-common: Last metadata > > expiration check: 0:06:18 ago on Wednesday 30 July 2025 10:09:50 AM. > > (try to add '--skip-broken' to skip uninstallable packages or '--nobest' > to > > use not only best candidate packages) > > > > Thanks, > > Gagan > > > > On Wed, Jul 30, 2025 at 9:18 AM gagan tiwari < > > gagan.tiw...@mathisys-india.com> wrote: > > > > > HI John, > > > Yes. This command met with the same SSL > Certificate > > > issue. Here is output :- > > > > > > python3 -c 'import urllib.request; print(len(urllib.request.urlopen(" > > > https://download.ceph.com";).read()))' > > > Traceback (most recent call last): > > > File "/usr/lib64/python3.9/urllib/request.py", line 1346, in do_open > > > h.request(req.get_method(), req.selector, req.data, headers, > > > File "/usr/lib64/python3.9/http/client.py", line 1285, in request > > > self._send_request(method, url, body, headers, encode_chunked) > > > File "/usr/lib64/python3.9/http/client.py", line 1331, in > _send_request > > > self.endheaders(body, encode_chunked=encode_chunked) > > > File "/usr/lib64/python3.9/http/client.py", line 1280, in endheaders > > > self._send_output(message_body, encode_chunked=encode_chunked) > > > File "/usr/lib64/python3.9/http/client.py", line 1040, in > _send_output > > > self.send(msg) > > > File "/usr/lib64/python3.9/http/client.py", line 980, in send > > > self.connect() > > > File "/usr/lib64/python3.9/http/client.py", line 1454, in connect > > > self.sock = self._context.wrap_socket(self.sock, > > > File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket > > > return self.sslsocket_class._create( > > > File "/usr/lib64/python3.9/ssl.py", line 1074, in _create > > > self.do_handshake() > > > File "/usr/lib64/python3.9/ssl.py", line 1343, in do_handshake > > > self._sslobj.do_handshake() > > > ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] > > certificate > > > verify failed: unable to get local issuer certificate (_ssl.c:1147) > > > > > > During handling of the above exception, another exception occurred: > > > > > > > > > Please let me know how to get around this as I need to install Ceph > > > cluster at the earliest. > > > > > > Thanks, > > > Gagan > > > > > > On Tue, Jul 29, 2025 at 9:26 PM John Mulligan < > > > phlogistonj...@asynchrono.us> wrote: > > > > > >> On Tuesday, July 29, 2025 10:50:06 AM Eastern Daylight Time gagan > tiwari > > >> wrote: > > >> > Hi John, > > >> > Thanks for reply! > > >> > > > >> > curl seems to be working fine. Here is output of the command :- > > >> > > > >> > curl https://download.ceph.com > > >> > <html> > > >> > <head><title>Index of /</title></head> > > >> > <body> > > >> > <h1>Index of /</h1><hr><pre><a href="../">../</a> > > >> > <a href="archive/">archive/</a> > > >> > 13-Nov-2024 03:25 - > > >> > <a href="calamari/">calamari/</a> > > >> > 29-Oct-2015 18:40 - > > >> > <a href="ceph-iscsi/">ceph-iscsi/</a> > > >> > 22-May-2024 03:18 - > > >> > <a href="cephmetrics/">cephmetrics/</a> > > >> > 29-Jun-2017 22:07 - > > >> > <a href="cloudinit/">cloudinit/</a> > > >> > 11-Aug-2020 14:47 - > > >> > <a href="debian-15.1.0/">debian-15.1.0/</a> > > >> > 13-Mar-2020 22:19 - > > >> > <a href="debian-15.1.1/">debian-15.1.1/</a> > > >> > 13-Mar-2020 22:21 - > > >> > <a href="debian-15.2.0/">debian-15.2.0/</a> > > >> > 23-Mar-2020 22:43 - > > >> > <a href="debian-15.2.1/">debian-15.2.1/</a> > > >> > 09-Apr-2020 16:11 - > > >> > <a href="debian-15.2.10/">debian-15.2.10/</a> > > >> > 18-Mar-2021 13:41 - > > >> > <a href="debian-15.2.11/">debian-15.2.11/</a> > > >> > 19-Apr-2021 22:17 - > > >> > <a href="debian-15.2.12/">debian-15.2.12/</a> > > >> > 13-May-2021 23:06 - > > >> > <a href="debian-15.2.13/">debian-15.2.13/</a> > > >> > 26-May-2021 22:26 - > > >> > <a href="debian-15.2.14/">debian-15.2.14/</a> > > >> > 05-Aug-2021 21:32 - > > >> > <a href="debian-15.2.15/">debian-15.2.15/</a> > > >> > 20-Oct-2021 18:33 - > > >> > <a href="debian-15.2.16/">debian-15.2.16/</a> > > >> > 01-Mar-2022 12:18 - > > >> > <a href="debian-15.2.17/">debian-15.2.17/</a> > > >> > 09-Aug-2022 20:59 > > >> > > > >> > > > >> > I have tried to install the latest version of squid 19.2.3 and > > 19.2.2. > > >> > Facing the same SSL issue with both versions. > > >> > > > >> > Thanks, > > >> > Gagan > > >> > > > >> > > >> It dawns on me that curl might not be the best test as I think it can > > use > > >> a different cert bundle by default. > > >> > > >> Does this command fail the same way as cephadm? > > >> ``` > > >> python3 -c 'import urllib.request; print(len(urllib.request.urlopen(" > > >> https://download.ceph.com";).read()))' > > >> ``` > > >> > > >> > > >> PS. Please keep the list CC'ed. We want others to be able to help as > > well > > >> and keep a record of what was discussed. > > >> > > >> > > >> > > _______________________________________________ > > ceph-users mailing list -- ceph-users@ceph.io > > To unsubscribe send an email to ceph-users-le...@ceph.io > > > _______________________________________________ > ceph-users mailing list -- ceph-users@ceph.io > To unsubscribe send an email to ceph-users-le...@ceph.io > _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
