On 8/30/19 8:31 AM, Alexander Dalloz wrote:
Based on that it appears to me very clear that the trust with the
DigiCert chain wasn't given due to a missing trust from the ca-cert bundle
That seems reasonable to me. :)
___
CentOS mailing list
CentOS
On 8/30/19 8:17 AM, Gary Stainburn wrote:
However, when I re-installed ca-certificates it immediately fixed the problem
on both boxes, which implies an internal problem.
That is only true if yum selected the same server, and there is no
evidence that it did. It's possible that reinstalling
On Friday 30 August 2019 16:27:01 Alexander Dalloz wrote:
> In posting
> https://lists.centos.org/pipermail/centos/2019-August/173288.html you
> could see that he has a repo "webtatic" configured, at that time calling
> a different mirror.
>
> Alexander
As far as I know I've never had webtatic
Am 2019-08-30 17:04, schrieb Gordon Messmer:
On 8/30/19 5:52 AM, Gary Stainburn wrote:
Incidentally, the*good* server that I was referencing my broken
server against has decided to start giving the curl certificate errors
in the same way that the broken one did. Very strange. I ran
It's po
Am 2019-08-30 17:17, schrieb Gordon Messmer:
On 8/29/19 8:20 AM, Alexander Dalloz wrote:
yum uses libcurl behind the scenes and thus NSS and not OpenSSL.
Good to know.
In that case: Gary, what do you see when you run:
/usr/lib64/nss/unsupported-tools/vfyserv -p 443
us-east.repo.webtati
On Friday 30 August 2019 16:04:51 Gordon Messmer wrote:
> On 8/30/19 5:52 AM, Gary Stainburn wrote:
> > Incidentally, the*good* server that I was referencing my broken server
> > against has decided to start giving the curl certificate errors in the same
> > way that the broken one did. Very str
On 8/29/19 8:20 AM, Alexander Dalloz wrote:
yum uses libcurl behind the scenes and thus NSS and not OpenSSL.
Good to know.
In that case: Gary, what do you see when you run:
/usr/lib64/nss/unsupported-tools/vfyserv -p 443
us-east.repo.webtatic.com
Do you get something indicative when
On 8/30/19 5:52 AM, Gary Stainburn wrote:
Incidentally, the*good* server that I was referencing my broken server against
has decided to start giving the curl certificate errors in the same way that
the broken one did. Very strange. I ran
It's possible that the error is unrelated to the ca-
On Friday 30 August 2019 12:45:04 Paddy Doyle wrote:
>
> Just to mention that the 'etckeeper' package from EPEL is great for
> tracking changes to /etc. Package installs trigger a commit, as do a daily
> cron job.
>
> If in this case it was a corrupt file in /etc/pki, then a 'git log' or
> simila
On Fri, Aug 30, 2019 at 12:17:47PM +0100, Gary Stainburn wrote:
> On Friday 30 August 2019 12:03:26 Alexander Dalloz wrote:
> >
> > Besides a corrupted certificates bundle I cannot imagine a different
> > root cause actually.
Just to mention that the 'etckeeper' package from EPEL is great for
tr
On Friday 30 August 2019 12:03:26 Alexander Dalloz wrote:
> You are welcome Gary. And I am curious about what the cause of your repo
> troubles is.
I have looked back over what I have done, and cannot see what has caused the
problem to occurr. I do not see anywhere where it could have been from
On Friday 30 August 2019 11:51:35 Tony Mountifield wrote:
> And you could try re-installing ca-certificates on the offending box.
>
> # yum --disablerepo=\* --enablerepo=base --enablerepo=updates reinstall
> ca-certificates
>
> Cheers
> Tony
I have just done this and it appears to have fixed th
Am 2019-08-30 10:52, schrieb Gary Stainburn:
On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote:
> 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's
> Certificate issuer is not recognized."
> 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6,
> 7], re-raisi
In article <201908300952.37126.gary.stainb...@ringways.co.uk>,
Gary Stainburn wrote:
> On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote:
> > > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's
> > > Certificate issuer is not recognized."
> > > 2019-08-29 17:23:18,117 retryc
On 30/08/19 9:02 PM, Gary Stainburn wrote:
[root@stan2 ~]# yum update
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
On Friday 30 August 2019 04:54:14 Peter wrote:
>
> I would try this:
>
> yum clean all
ran okay.
> yum --disablerepo=epel update
ran okay but said there was nothing to update which I find hard to believe. It
has been a month or so at least since the last successful update. It did
complain ab
On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote:
> > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's
> > Certificate issuer is not recognized."
> > 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6,
> > 7], re-raising
>
> [ ... ]
>
> > Cannot retrieve m
On 29/08/19 9:58 PM, Gary Stainburn wrote:
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
Cannot retrieve metalink for repository: epel/
Am 2019-08-29 18:26, schrieb Gary Stainburn:
On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote:
rpm -Vv nss
[root@stan2 ~]# rpm -Vv nss
./etc/pki/nss-legacy
. c /etc/pki/nss-legacy/nss-rhel7.config
./etc/pki/nssdb
. c /etc/pki/nssdb/cert8.db
.
On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote:
> rpm -Vv nss
[root@stan2 ~]# rpm -Vv nss
./etc/pki/nss-legacy
. c /etc/pki/nss-legacy/nss-rhel7.config
./etc/pki/nssdb
. c /etc/pki/nssdb/cert8.db
. c /etc/pki/nssdb/cert9.db
.
Am 2019-08-29 17:36, schrieb Gary Stainburn:
On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote:
Hi,
yum uses libcurl behind the scenes and thus NSS and not OpenSSL.
Do you get something indicative when running:
URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic
check-updat
On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote:
> Hi,
>
> yum uses libcurl behind the scenes and thus NSS and not OpenSSL.
>
> Do you get something indicative when running:
>
> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic
> check-update
>
> Alexander
I get a lot o
Am 2019-08-29 16:51, schrieb Gary Stainburn:
On Thursday 29 August 2019 15:45:44 Gordon Messmer wrote:
On 8/29/19 3:03 AM, Gary Stainburn wrote:
> https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14]
curl#60 - "Peer's Certificate issuer is not recognized."
What do
On Thursday 29 August 2019 15:45:44 Gordon Messmer wrote:
> On 8/29/19 3:03 AM, Gary Stainburn wrote:
> > https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml:
> > [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
>
>
> What do you see when you run:
>
> op
On 8/29/19 3:03 AM, Gary Stainburn wrote:
https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60
- "Peer's Certificate issuer is not recognized."
What do you see when you run:
openssl s_client -showcerts -connect us-east.repo.webtatic.com:443
_
Interestingly, if I try a yum update on one of my other boxes I get similar
errors. However, it then proceeds to complete the yum update successfully
[root@ollie2 ~]# yum update
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
Could not get metalink
https://mirrors.fedoraproj
On Wednesday 28 August 2019 22:41:24 Jonathan Billings wrote:
> If it’s really out of date, you might need to update the ca-certificates
> package, but that’d have to be a really old system.
>
> I’d suggest by checking to make sure the clock on your computer isn’t really
> out of date. If its r
On Aug 28, 2019, at 4:36 PM, Gary Stainburn
wrote:
> Anyone got any suggestions?
If it’s really out of date, you might need to update the ca-certificates
package, but that’d have to be a really old system.
I’d suggest by checking to make sure the clock on your computer isn’t really
out of da
This evening I decided to do some work on my development C7 system. As I have
not touched it for a while, and wanted to install new services I thought I'd
better yum update first.
I saw that it only did updates from Google and PHP, and none from the system
repo's so I had a closer look. It show
29 matches
Mail list logo
