Your message dated Sun, 18 Jan 2026 19:34:20 +0000
with message-id
<8f194af54fe940d9bcac0f2b1a69b8e985e581ef.ca...@adam-barratt.org.uk>
and subject line Re: Bug#1125911: apt: ftp.us.debian.org mirror ssl certificate
wrong
has caused the Debian Bug report #1125911,
regarding apt: ftp.us.debian.org mirror ssl certificate wrong
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125911
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apt
Version: 2.6.1
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
apt-get update
Err:4 https://ftp.us.debian.org/debian bookworm InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
208.80.154.139 443]
Err:5 https://ftp.us.debian.org/debian bookworm-updates InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
208.80.154.139 443]
Reading package lists... Done
W: Failed to fetch https://ftp.us.debian.org/debian/dists/bookworm/InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
208.80.154.139 443]
W: Failed to fetch
https://ftp.us.debian.org/debian/dists/bookworm-updates/InRelease Certificate
verification failed: The certificate is NOT trusted. The certificate issuer is
unknown. The name in the certificate does not match the expected. Could not
handshake: Error in the certificate verification. [IP: 208.80.154.139 443]
Err:4 https://ftp.us.debian.org/debian bookworm InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
64.50.233.100 443]
Err:5 https://ftp.us.debian.org/debian bookworm-updates InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
64.50.233.100 443]
Reading package lists... Done
W: Failed to fetch https://ftp.us.debian.org/debian/dists/bookworm/InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. The name in the certificate does not match the
expected. Could not handshake: Error in the certificate verification. [IP:
64.50.233.100 443]
W: Failed to fetch
https://ftp.us.debian.org/debian/dists/bookworm-updates/InRelease Certificate
verification failed: The certificate is NOT trusted. The certificate issuer is
unknown. The name in the certificate does not match the expected. Could not
handshake: Error in the certificate verification. [IP: 64.50.233.100 443]
*** End of the template - remove these template lines ***
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*$";
APT::NeverAutoRemove:: "^linux-image-[a-z0-9]*-[a-z0-9]*$";
APT::NeverAutoRemove:: "^pve-kernel-6\.8$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8-signed$";
APT::NeverAutoRemove:: "^pve-kernel-6\.8\.12-13-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-13-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-13-pve-signed$";
APT::NeverAutoRemove:: "^pve-kernel-6\.8\.12-15-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-15-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-15-pve-signed$";
APT::NeverAutoRemove:: "^pve-kernel-6\.8\.12-16-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-16-pve$";
APT::NeverAutoRemove:: "^proxmox-kernel-6\.8\.12-16-pve-signed$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-.*";
APT::VersionedKernelPackages:: "kfreebsd-.*";
APT::VersionedKernelPackages:: "gnumach-.*";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "tasks";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::zstd "";
APT::Compressor::zstd::Name "zstd";
APT::Compressor::zstd::Extension ".zst";
APT::Compressor::zstd::Binary "zstd";
APT::Compressor::zstd::Cost "60";
APT::Compressor::zstd::CompressArg "";
APT::Compressor::zstd::CompressArg:: "-19";
APT::Compressor::zstd::UncompressArg "";
APT::Compressor::zstd::UncompressArg:: "-d";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::netrcparts "auth.conf.d";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Etc::apt-listchanges-main "listchanges.conf";
Dir::Etc::apt-listchanges-parts "listchanges.conf.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::planners "";
Dir::Bin::planners:: "/usr/lib/apt/planners";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::gzip "/bin/gzip";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::zstd "/usr/bin/zstd";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Log::Planner "eipp.log.xz";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.ucf-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "0";
Acquire::AllowWeakRepositories "0";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey
"$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT)
$(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey
"$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription
"Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT)
Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE)
Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT)
Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian
"https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";;
Acquire::Changelogs::URI::Origin::Ubuntu
"https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";;
Acquire::Changelogs::AlwaysOnline "";
Acquire::Changelogs::AlwaysOnline::Origin "";
Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Acquire::CompressionTypes "";
Acquire::CompressionTypes::xz "xz";
Acquire::CompressionTypes::bz2 "bzip2";
Acquire::CompressionTypes::lzma "lzma";
Acquire::CompressionTypes::gz "gzip";
Acquire::CompressionTypes::lz4 "lz4";
Acquire::CompressionTypes::zst "zstd";
DPkg "";
DPkg::Path "/usr/sbin:/usr/bin:/sbin:/bin";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/share/proxmox-ve/pve-apt-hook";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/share/proxmox-ve/pve-apt-hook "";
DPkg::Tools::Options::/usr/share/proxmox-ve/pve-apt-hook::Version "2";
DPkg::Tools::Options::/usr/share/proxmox-ve/pve-apt-hook::InfoFD "20";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Get::Update "";
Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Cmd::Pattern-Only "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt::DPkg::Lock "";
Binary::apt::DPkg::Lock::Timeout "-1";
CommandLine "";
CommandLine::AsString "apt-config dump";
-- (no /etc/apt/preferences present) --
-- (no /etc/apt/preferences.d/* present) --
-- /etc/apt/sources.list --
deb https://ftp.debian.org/debian bookworm main contrib
deb https://ftp.debian.org/debian bookworm-updates main contrib
# security updates
deb https://security.debian.org/ bookworm-security main contrib
-- /etc/apt/sources.list.d/ceph.list --
deb https://enterprise.proxmox.com/debian/ceph-reef bookworm enterprise
-- /etc/apt/sources.list.d/pve-enterprise.list --
deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
-- System Information:
Debian Release: 12.13
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500,
'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.8.12-16-pve (SMP w/64 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt depends on:
ii adduser 3.134
ii debian-archive-keyring 2023.3+deb12u2
ii gpgv 2.2.40-1.1+deb12u2
ii libapt-pkg6.0 2.6.1
ii libc6 2.36-9+deb12u13
ii libgcc-s1 12.2.0-14+deb12u1
ii libgnutls30 3.7.9-2+deb12u5
ii libseccomp2 2.5.4-1+deb12u1
ii libstdc++6 12.2.0-14+deb12u1
ii libsystemd0 252.39-1~deb12u1
Versions of packages apt recommends:
ii ca-certificates 20230311+deb12u1
Versions of packages apt suggests:
pn apt-doc <none>
pn aptitude | synaptic | wajig <none>
pn dpkg-dev <none>
ii gnupg 2.2.40-1.1+deb12u2
pn powermgmt-base <none>
-- no debconf information
WIENER LINIEN GmbH & Co KG
1030 Wien, Erdbergstraße 202, Postfach 63 FN 181593z, HG Wien; UID-Nr. ATU
47055001; http://www.wienerlinien.at/
Bankverbindung: UniCredit Bank Austria AG, BIC BKAUATWW, IBAN
AT491200000696216209 Persönlich haftender Gesellschafter: WIENER LINIEN GmbH
1030 Wien, Erdbergstraße 202, Postfach 63 FN 174296v, HG Wien; UID-Nr. ATU
47055001
Bankverbindung: UniCredit Bank Austria AG, BIC BKAUATWW, IBAN
AT421200000696220409 Durch dieses Mail oder eventuelle Anhänge werden keine
rechtsverbindlichen Erklärungen der WIENER LINIEN GmbH & Co KG abgegeben.
Insbesondere können durch die Informationen in diesem Mail keine Rechte oder
Verpflichtungen für die WIENER LINIEN GmbH & Co KG begründet werden.
Diese Information und eventuelle Anhänge sind vertraulich und ausschließlich
zur Kenntnisnahme durch den oder die genannten Adressaten bestimmt. Sollten Sie
nicht der vorgesehene Adressat sein, ersuchen wir Sie, uns unverzüglich zu
informieren und die Nachricht zu löschen. Der Inhalt der fehlgeleiteten
Nachricht darf weder aufgezeichnet noch Unbefugten mitgeteilt oder für
irgendwelche Zwecke verwertet werden.
Dieses Mail wurde nach dem Traffic-Light-Protokoll (TLP) erstellt.
Weitere Informationen finden Sie unter Datensicherheit – Wiener
Linien<https://www.wienerlinien.at/datensicherheit>.
--- End Message ---
--- Begin Message ---
On Sun, 2026-01-18 at 19:18 +0000, HOLZER Martin wrote:
> apt-get update
>
> Err:4 https://ftp.us.debian.org/debian bookworm InRelease
> Certificate verification failed: The certificate is NOT trusted.
> The certificate issuer is unknown. The name in the certificate does
> not match the expected. Could not handshake: Error in the
> certificate verification. [IP: 208.80.154.139 443]
That's not a bug in APT, in any way.
If anything, it's a bug in your configuration. ftp.CC.debian.org are
not advertised as supporting TLS, and in many cases won't, and can't.
The country mirror names can get moved around between servers if
necessary, and there's no guarantee that any particular server will
have a certificate for any given country code. Most of the mirrors
aren't operated by Debian, so we have no way of deploying certificates
to them and managing them.
If you want to use a mirror that will always have working TLS, I'd
suggest deb.debian.org.
Regards,
Adam
--- End Message ---
