[EPEL-devel] Re: Problems with yum update
Hello Kevin, I did as you suggested and a statement indicated it would be good to reboot was displayed, so I did reboot. After that my generic *yum update* did work. Then I tried to install EPEL Repo again: [root@wsf-owt-dev001:yum.repos.d]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm Last metadata expiration check: 4:20:17 ago on Thu 16 Jul 2020 03:35:37 PM EDT. [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [MIRROR] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] [FAILED] epel-release-latest-8.noarch.rpm: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm [SSL certificate problem: EE certificate key too weak] -- Warron French On Thu, Jul 16, 2020 at 5:39 PM Kevin Fenzi wrote: > On Thu, Jul 16, 2020 at 04:29:08PM -0400, warron.french wrote: > > Actually the file indicates DEFAULT already. > > Odd. Thats the only time I have seen any errors like those. > > YOu might try a sudo update-crypto-policies --set DEFAULT > and see if it helps anyhow. > > kevin > -- > > > > -- > > Warron French > > > > > > > > On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi wrote: > > > > > On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote: > > > > I work in a lab environment that has a proxy somewhere on the > network. > > > > > > > > I have my VMware VM running CentOS8 and have installed the > > > > epel-latest-release package. > > > snip... > > > > > > > > I don't know what to do to fix this. Can someone please explain > what the > > > > problem is on a high level and then what to do about it so that I can > > > learn > > > > from this? > > > > > > What does: > > > > > > cat /etc/crypto-policies/state/current > > > > > > show? > > > > > > If it's FUTURE, thats the problem. You can do back to default with: > > > > > > sudo update-crypto-policies --set DEFAULT > > > > > > kevin > > > ___ > > > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > > > To unsubscribe send an email to > epel-devel-le...@lists.fedoraproject.org > > > Fedora Code of Conduct: > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org > > > > > > ___ > > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org > > ___ > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fed
[EPEL-devel] Re: Problems with yum update
Actually the file indicates DEFAULT already. -- Warron French On Thu, Jul 16, 2020 at 4:12 PM Kevin Fenzi wrote: > On Thu, Jul 16, 2020 at 03:59:23PM -0400, warron.french wrote: > > I work in a lab environment that has a proxy somewhere on the network. > > > > I have my VMware VM running CentOS8 and have installed the > > epel-latest-release package. > snip... > > > > I don't know what to do to fix this. Can someone please explain what the > > problem is on a high level and then what to do about it so that I can > learn > > from this? > > What does: > > cat /etc/crypto-policies/state/current > > show? > > If it's FUTURE, thats the problem. You can do back to default with: > > sudo update-crypto-policies --set DEFAULT > > kevin > ___ > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org > ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
[EPEL-devel] Problems with yum update
I work in a lab environment that has a proxy somewhere on the network. I have my VMware VM running CentOS8 and have installed the epel-latest-release package. When I execute a generic *yum update *I run into problems. They are here: [root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'epel-playground': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'epel-playground': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos [SSL certificate problem: EE certificate key too weak] I see the curl error, so I try a curl command and also run into problems: [root@wsf-owt-dev001:yum.repos.d]# curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8=x86_64=stock=centos [1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * Uses proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying 214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49 (214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to mirrors.fedoraproject.org:443 > CONNECT mirrors.fedoraproject.org:443 HTTP/1.1 > Host: mirrors.fedoraproject.org:443 > User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > < HTTP/1.0 200 Connection established < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate problem: EE certificate key too weak * Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. [1] Exit 60 curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]- Done arch=x86_64 [3]+ Done infra=stock I don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this? Thank you, -- Warron French ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org