Your message dated Thu, 06 Apr 2023 16:27:20 +0100
with message-id
<78867825283b47419d2e24309cb9dd8f5f32a5ec.ca...@adam-barratt.org.uk>
and subject line Re: Bug#991853: archive.debian.org: Invalid SSL/TLS
certificate, https fails
has caused the Debian Bug report #991853,
regarding archive.debian.org: Invalid SSL/TLS certificate, https fails
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: www.debian.org
Severity: normal
Apologies if this is the wrong pseudo-package; I couldn't find one
for archive.debian.org specifically.
Attempts to download a package from the archive.debian.org site using
https with command line tools fail. These examples are performed on a
bullseye host:
$ wget
https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
--2021-08-03 08:26:17--
https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
Resolving archive.debian.org (archive.debian.org)... 217.196.149.234,
193.62.202.28, 130.89.148.13, ...
Connecting to archive.debian.org (archive.debian.org)|217.196.149.234|:443...
connected.
ERROR: The certificate of ‘archive.debian.org’ is not trusted.
ERROR: The certificate of ‘archive.debian.org’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘archive.debian.org’
$ curl
https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
> apt-transport-https_0.9.7.9+deb7u7_amd64.deb
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
If I go to https://archive.debian.org/debian/pool/main/a/apt/ in
Google Chrome, I'm prompted with the standard warning about an
invalid certificate; if I choose to go forward despite that, I get:
Not Found
The requested URL was not found on this server.
Apache Server at archive.debian.org Port 443
Finally, I will note that it would be most helpful if the archive.debian.org
site can be accessed directly by older systems using the apt-transport-https
package. If this is impossible due to security concerns, then downloading
the packages by hand on a newer system, and then moving them over to the
older systems, would still be better than the current situation, which is
that the packages are completely inaccessible in environments where plain
http is blocked.
--- End Message ---
--- Begin Message ---
On Thu, 2021-09-09 at 23:40 +0200, Ansgar wrote:
> Control: reassign -1 mirrors
>
> Greg Wooledge wrote:
> > Attempts to download a package from the archive.debian.org site
> > using
> > https with command line tools fail.
> [...]
> > The certificate's owner does not match hostname
> > ‘archive.debian.org’
>
> The FTP team only maintains the master copy of archive contents.
> Access
> to the public copy via HTTP(S) should fall into the domain of the
> mirror and/or system administration teams.
>
It took a little while, but https://archive.debian.org should now work.
Regards,
Adam
--- End Message ---
