GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Christopher Baines <mail <at> cbaines.net>
Subject: bug#46829: closed (Re: bug#46829: Fresh install of 1.2.0 can't
 guix pull)
Date: Wed, 14 Apr 2021 01:09:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#46829: Let's Encrypt certificate store (le-certs) expired

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 46829 <at> debbugs.gnu.org.

-- 
46829: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=46829
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Leo Famulari <leo <at> famulari.name>
To: Christopher Baines <mail <at> cbaines.net>
Cc: 46829-done <at> debbugs.gnu.org
Subject: Re: bug#46829: Fresh install of 1.2.0 can't guix pull
Date: Tue, 13 Apr 2021 21:08:20 -0400

[Message part 3 (text/plain, inline)]

On Sun, Feb 28, 2021 at 10:27:02AM +0000, Christopher Baines wrote:
> root <at> horna ~# guix pull
> substitute: updating substitutes from 'https://guix.cbaines.net'... 100.0%
> 0.0 MB will be downloaded
> downloading from https://guix.cbaines.net/nar/lzip/zg72c146skpca45ijvjigqhqgx0mwiny-le-certs-0 ...
>  le-certs-0  4KiB                                                                                                                                                           1.8MiB/s 00:00 [##################] 100.0%
> 
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix pull: error: Git error: the SSL certificate is invalid

This should be fixed with commit
a758a8a3c20052c5f1228e1ec80068652bbc3849, which updates the Guix package
to include commit 15de49e60b255b98a53c6de4780e1ae95a8beada.

There's nothing we can do for the 1.2.0 release artifacts at this point.

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Christopher Baines <mail <at> cbaines.net>
To: bug-guix <at> gnu.org
Subject: Fresh install of 1.2.0 can't guix pull
Date: Sun, 28 Feb 2021 10:27:02 +0000

[Message part 6 (text/plain, inline)]

I believe there's TLS issues with pulling for the current 1.2.0 release.

root <at> horna ~# guix pull
substitute: updating substitutes from 'https://guix.cbaines.net'... 100.0%
0.0 MB will be downloaded
downloading from https://guix.cbaines.net/nar/lzip/zg72c146skpca45ijvjigqhqgx0mwiny-le-certs-0 ...
 le-certs-0  4KiB                                                                                                                                                           1.8MiB/s 00:00 [##################] 100.0%

Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: Git error: the SSL certificate is invalid

root <at> horna ~# wget https://git.savannah.gnu.org/git/guix.git
--2021-02-28 11:22:49--  https://git.savannah.gnu.org/git/guix.git
Resolving git.savannah.gnu.org (git.savannah.gnu.org)... 209.51.188.201, 2001:470:142:5::201
Connecting to git.savannah.gnu.org (git.savannah.gnu.org)|209.51.188.201|:443... connected.
ERROR: The certificate of ‘git.savannah.gnu.org’ is not trusted.
ERROR: The certificate of ‘git.savannah.gnu.org’ doesn't have a known issuer.


This is probably possible to work around by doing:

  guix pull --url=http://git.savannah.gnu.org/git/guix.git

As the commit signatures are checked, the risk of not using HTTPS should
be reduced.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.