On Fri, Aug 30, 2019 at 12:17:47PM +0100, Gary Stainburn wrote:> On Friday 30 August 2019 12:03:26 Alexander Dalloz wrote: > > > > Besides a corrupted certificates bundle I cannot imagine a different > > root cause actually.Just to mention that the 'etckeeper' package from EPEL is great for tracking changes to /etc. Package installs trigger a commit, as do a daily cron job. If in this case it was a corrupt file in /etc/pki, then a 'git log' or similar could show when it happened. Although I think you tried 'rpm -V' already so perhaps it wasn't a corrupt cert file. Paddy -- Paddy Doyle Research IT / Trinity Centre for High Performance Computing, Lloyd Building, Trinity College Dublin, Dublin 2, Ireland. Phone: +353-1-896-3725 https://www.tchpc.tcd.ie/
On Friday 30 August 2019 12:45:04 Paddy Doyle wrote:> > Just to mention that the 'etckeeper' package from EPEL is great for > tracking changes to /etc. Package installs trigger a commit, as do a daily > cron job. > > If in this case it was a corrupt file in /etc/pki, then a 'git log' or > similar could show when it happened. Although I think you tried 'rpm -V' > already so perhaps it wasn't a corrupt cert file. > > Paddy >Hi Paddy, Thanks for this. I'll have a look. Incidentally, the *good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran yum --disablerepo=\* --enablerepo=base --enablerepo=updates reinstall ca-certificates on this server and again it fixed the problem. This would suggest that the problem is actually external to the original broken server.
On 8/30/19 5:52 AM, Gary Stainburn wrote:> Incidentally, the*good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ranIt's possible that the error is unrelated to the ca-certificates file.? You'll only see it if yum selects a mirror that uses a Let's Encrypt or Amazon-signed certificate (at least, those were the CAs for the hosts I saw you report errors for).? If yum happens to select mirrors that don't, then everything will work normally.? Reinstalling the package on the original system may have been coincidental.