** Also affects: gnutls28 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apt (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: gnutls28 (Ubuntu)
Status: New => Fix Released
** Also affects: apt (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: gnutls28 (Ubuntu Jammy)
Importance: Undecided
Status: New
** No longer affects: apt (Ubuntu Focal)
** No longer affects: apt (Ubuntu Jammy)
** Tags added: rls-jj-incoming
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2046818
Title:
APT: certificate validation failed (LE certificate)
Status in apt package in Ubuntu:
Fix Released
Status in gnutls28 package in Ubuntu:
Fix Released
Status in gnutls28 source package in Focal:
New
Status in gnutls28 source package in Jammy:
New
Bug description:
Hi!
I am not sure if this is the correct place or package to report the issue to
(maybe apt-transport-https or libgnutls?).
Anyway, the https://mariadb.gb.ssimn.org/ mirror can not be used by
APT and gives the following error:
W: Failed to fetch
https://mariadb.gb.ssimn.org/repo/11.3/ubuntu/dists/jammy/InRelease
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. Could not handshake: Error in the certificate
verification. [IP: 81.0.219.146 443]
W: Some index files failed to download. They have been ignored, or old ones
used instead.
But the Let's Encrypt certificate looks OK and wget or curl can
establish TLS connection without pb, see below and
https://mariadb.gb.ssimn.org/.
This has been tested on Ubuntu 18.04 and Ubuntu 22.04 with the
following commands (see https://mariadb.org/download/?t=repo-
config&d=22.04+%22jammy%22&v=11.3+%5BRC%5D&r_m=starburst):
$ podman run -it ubuntu:22.04 bash
root@288e75580b84:/# apt update
root@288e75580b84:/# apt-get install apt-transport-https curl
root@288e75580b84:/# mkdir -p /etc/apt/keyrings
root@288e75580b84:/# curl -o /etc/apt/keyrings/mariadb-keyring.pgp
'https://mariadb.org/mariadb_release_signing_key.pgp'
Add the following in the `/etc/apt/sources.list.d/mariadb.sources`:
# MariaDB 11.3 [RC] repository list - created 2023-12-18 15:09 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
URIs: https://mariadb.gb.ssimn.org/repo/11.3/ubuntu
Suites: jammy
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
Apt update fails but curl works:
root@288e75580b84:/# curl -o /tmp/PublicKey
https://mariadb.gb.ssimn.org/PublicKey
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left Speed
100 14928 100 14928 0 0 97876 0 --:--:-- --:--:-- --:--:-- 98210
I am not able to reproduce this either on Debian (10/11/12) or Ubuntu
23.04.
Regards,
Faustin
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2046818/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
