[Touch-packages] [Bug 2046818] Re: APT: certificate validation failed (LE certificate)

Mon, 18 Dec 2023 07:40:46 -0800 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apt (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2046818

Title:
  APT: certificate validation failed (LE certificate)

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  Hi!
  I am not sure if this is the correct place or package to report the issue to 
(maybe apt-transport-https or libgnutls?).

  Anyway, the https://mariadb.gb.ssimn.org/ mirror can not be used by
  APT and gives the following error:

  W: Failed to fetch 
https://mariadb.gb.ssimn.org/repo/11.3/ubuntu/dists/jammy/InRelease  
Certificate verification failed: The certificate is NOT trusted. The 
certificate issuer is unknown.  Could not handshake: Error in the certificate 
verification. [IP: 81.0.219.146 443]
  W: Some index files failed to download. They have been ignored, or old ones 
used instead.

  But the Let's Encrypt certificate looks OK and wget or curl can
  establish TLS connection without pb, see below and
  https://mariadb.gb.ssimn.org/.

  This has been tested on Ubuntu 18.04 and Ubuntu 22.04 with the
  following commands (see https://mariadb.org/download/?t=repo-
  config&d=22.04+%22jammy%22&v=11.3+%5BRC%5D&r_m=starburst):

  $ podman run -it ubuntu:22.04 bash
  root@288e75580b84:/# apt update
  root@288e75580b84:/# apt-get install apt-transport-https curl
  root@288e75580b84:/# mkdir -p /etc/apt/keyrings
  root@288e75580b84:/# curl -o /etc/apt/keyrings/mariadb-keyring.pgp 
'https://mariadb.org/mariadb_release_signing_key.pgp'

  Add the following in the `/etc/apt/sources.list.d/mariadb.sources`:

  # MariaDB 11.3 [RC] repository list - created 2023-12-18 15:09 UTC
  # https://mariadb.org/download/
  X-Repolib-Name: MariaDB
  Types: deb
  URIs: https://mariadb.gb.ssimn.org/repo/11.3/ubuntu
  Suites: jammy
  Components: main main/debug
  Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

  Apt update fails but curl works:

  root@288e75580b84:/# curl -o /tmp/PublicKey 
https://mariadb.gb.ssimn.org/PublicKey
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
                                   Dload  Upload   Total   Spent    Left  Speed
  100 14928  100 14928    0     0  97876      0 --:--:-- --:--:-- --:--:-- 98210

  I am not able to reproduce this either on Debian (10/11/12) or Ubuntu
  23.04.

  Regards,
  Faustin

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2046818/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to