search for: stan2

...tem. As I have not touched it for a while, and wanted to install new services I thought I'd better yum update first. I saw that it only did updates from Google and PHP, and none from the system repo's so I had a closer look. It showed certificate errors on a number of repo's. [root at stan2 ~]# yum update Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was 14: curl#60 - "Peer's Certificate issuer is not recognized." * base: mirrors.clou...

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c /etc/pki/nssdb/key3.db > ......... c /etc/pki/nssdb...

.... The server is less than a year old, and the last yum update was probably only done about 2 months ago. I checked the system time and it was only a few minutes out. A quick rdate to my local time server sorted that. I ran a yum check which took ages but didn't report any problems. [root at stan2 ~]# yum check Loaded plugins: fastestmirror, langpacks check all [root at stan2 ~]# However, running yum update afterwards came up with the same problem. [root at stan2 ~]# yum update Loaded plugins: fastestmirror, langpacks Determining fastest mirrors One of the configured repositories failed...

...yum update only updated PHP and Google Chrome, with PHP coming from REMI. > yum --disablerepo=epel --enablerepo=extras reinstall epel-release ran okay and successfully reinstalled epel-release.noarch 0:7-11 > yum update Still failed in the same way as before. Full output below. [root at stan2 ~]# yum clean all Loaded plugins: fastestmirror, langpacks Cleaning repos: base epel extras remi-php72 remi-safe updates Cleaning up list of fastest mirrors Other repos take up 57 k of disk space (use --verbose for details) [root at stan2 ~]# yum --disablerepo=epel update Loaded plugins: fastestmir...

...t accurate can make SSL > connections fail. Firstly, thank you for you help with this Alexander. I had already checked the system time. It was about 3 minutes out, but I fixed it anyway. I have checked the RPM for the certificates, and it matches the one on another box that works. [root at stan2 ~]# date Fri 30 Aug 09:45:27 BST 2019 [root at stan2 ~]# rpm -qa|grep cert ca-certificates-2018.2.22-70.0.el7_5.noarch [root at stan2 ~]#

...date >> >> Alexander > > I get a lot of output for what looks like access to the local respos.d > files all ending with success. I have included below the first and > last of these immediately followed by the line saying that webtastic > is not found > > [root at stan2 ~]# URLGRABBER_DEBUG=1 yum --disablerepo=\* > --enablerepo=webtatic check update [ ... ] > Error getting repository data for webtatic, repository not found Hm, I thought one of the repositories failing due to failing SSL is the webtatic one. From your posting today 12:03 CEST: * web...

...s fail. > > Firstly, thank you for you help with this Alexander. > > I had already checked the system time. It was about 3 minutes out, but I fixed it anyway. I have checked the RPM for > the certificates, and it matches the one on another box that works. > > > [root at stan2 ~]# date > Fri 30 Aug 09:45:27 BST 2019 > [root at stan2 ~]# rpm -qa|grep cert > ca-certificates-2018.2.22-70.0.el7_5.noarch > [root at stan2 ~]# Can you verify the ca-certificates package on both your systems and compare? Here is what my C7 box shows (same version package as yours):...

...Gary. And I am curious about what the cause of your repo troubles is. > I had already checked the system time. It was about 3 minutes out, but > I fixed it anyway. I have checked the RPM for the certificates, and > it matches the one on another box that works. > > > [root at stan2 ~]# date > Fri 30 Aug 09:45:27 BST 2019 > [root at stan2 ~]# rpm -qa|grep cert > ca-certificates-2018.2.22-70.0.el7_5.noarch > [root at stan2 ~]# That's good. Now please verify that the ca-certificates RPM is healthy: rpm -V ca-certificates In addition you can grep for the DigiCe...

On 8/29/19 3:03 AM, Gary Stainburn wrote: > https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." What do you see when you run: ??? openssl s_client -showcerts -connect us-east.repo.webtatic.com:443

...- "Peer's Certificate issuer is not recognized." >> >> >> What do you see when you run: >> >> ??? openssl s_client -showcerts -connect >> us-east.repo.webtatic.com:443 > > That seems to work fine on the faulty server. > > [root at stan2 ~]# openssl s_client -showcerts -connect > us-east.repo.webtatic.com:443 > CONNECTED(00000003) > depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 > verify return:1 > depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 > verify return:1 > depth...

...l7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." > > > What do you see when you run: > > ??? openssl s_client -showcerts -connect us-east.repo.webtatic.com:443 That seems to work fine on the faulty server. [root at stan2 ~]# openssl s_client -showcerts -connect us-east.repo.webtatic.com:443 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = webtatic.com verify return:...

On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: > rpm -Vv nss [root at stan2 ~]# rpm -Vv nss ......... /etc/pki/nss-legacy ......... c /etc/pki/nss-legacy/nss-rhel7.config ......... /etc/pki/nssdb ......... c /etc/pki/nssdb/cert8.db ......... c /etc/pki/nssdb/cert9.db ......... c /etc/pki/nssdb/key3.db ......... c /etc/pki/nssdb/key4.db ......... c /etc/pki/nssd...

...epo=\* --enablerepo=webtatic > check-update > > Alexander I get a lot of output for what looks like access to the local respos.d files all ending with success. I have included below the first and last of these immediately followed by the line saying that webtastic is not found [root at stan2 ~]# URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic check update 2019-08-29 16:27:08,367 urlgrabber version = 3.10 2019-08-29 16:27:08,367 trans function "_" = <function _ at 0x7effcd5bf2a8> 2019-08-29 16:27:08,391 combined options: { 'delegate' : {...