GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired

Previous Next

Full log

View this message in rfc822 format

From: Christopher Baines <mail <at> cbaines.net>
To: 46829 <at> debbugs.gnu.org
Subject: bug#46829: Fresh install of 1.2.0 can't guix pull
Date: Sun, 28 Feb 2021 10:27:02 +0000

[Message part 1 (text/plain, inline)]

I believe there's TLS issues with pulling for the current 1.2.0 release.

root <at> horna ~# guix pull
substitute: updating substitutes from 'https://guix.cbaines.net'... 100.0%
0.0 MB will be downloaded
downloading from https://guix.cbaines.net/nar/lzip/zg72c146skpca45ijvjigqhqgx0mwiny-le-certs-0 ...
 le-certs-0  4KiB                                                                                                                                                           1.8MiB/s 00:00 [##################] 100.0%

Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: Git error: the SSL certificate is invalid

root <at> horna ~# wget https://git.savannah.gnu.org/git/guix.git
--2021-02-28 11:22:49--  https://git.savannah.gnu.org/git/guix.git
Resolving git.savannah.gnu.org (git.savannah.gnu.org)... 209.51.188.201, 2001:470:142:5::201
Connecting to git.savannah.gnu.org (git.savannah.gnu.org)|209.51.188.201|:443... connected.
ERROR: The certificate of ‘git.savannah.gnu.org’ is not trusted.
ERROR: The certificate of ‘git.savannah.gnu.org’ doesn't have a known issuer.


This is probably possible to work around by doing:

  guix pull --url=http://git.savannah.gnu.org/git/guix.git

As the commit signatures are checked, the risk of not using HTTPS should
be reduced.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.