Certificate signed by unknown authority

bob · June 10, 2024, 10:43am

Hi. I’m trying to do a system update with yay, but getting a certificate error. Can someone help me please?

yay output is:

==> yay
[sudo] password for bob: 
:: Synchronising package databases...
 endeavouros is up to date
 core is up to date
 extra is up to date
 multilib is up to date
:: Searching AUR for updates...
:: Searching databases for updates...
 -> 1 error occurred:
	* request failed: Get "https://aur.archlinux.org/rpc?arg%5B%5D=endeavouros-skel-default&arg%5B%5D=endeavouros-skel-xfce4&arg%5B%5D=khotkeys&arg%5B%5D=kpeoplevcard&arg%5B%5D=kquickcharts5&arg%5B%5D=krunner5&arg%5B%5D=units&type=info&v=5": tls: failed to verify certificate: x509: certificate signed by unknown authority

Possibly related: running update mirrors either gives

or

==> Warning about https://mirror.alpix.eu/endeavouros/repo/$repo/$arch:
    Connection failed.
    Continuing.

eso · June 10, 2024, 3:21pm

@bob
I’m not sure but try
sudo pacman -S ca-certificates

flyingcakes · June 10, 2024, 3:28pm

You might also have to run sudo update-ca-trust after installing ca-certificates.

Also, a sanity check: is your system time correct?

What is the ouptut of dig +short aur.archlinux.com?

bob · June 10, 2024, 3:47pm

@eso / @flyingcakes No dice I’m afraid.

Output is 3.64.163.50
System time is correct.

eso · June 10, 2024, 4:07pm

with me the same. How about
sudo update-ca-trust

bob · June 10, 2024, 6:14pm

@eso sudo update-ca-trust did not seem to help. Do I have to install ca-certificates first?

eso · June 10, 2024, 6:46pm

I used google mostly. As Pebcak wrote here in a similar case:
sudo cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist_old

reflector --latest 5 --sort rate --download-timeout 120 | sudo tee /etc/pacman.d/mirrorlist

sudo pacman -Syyu

bob · June 11, 2024, 8:18am

@eso That gives me:

error: failed to retrieve mirrorstatus data: URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>

bob · June 11, 2024, 1:48pm

Fixed the issue. All my VirtualBox VMs were set to use NAT. For some reason it appears that the corporate certificates required to access https were not being picked up by the VM, even though NAT has been fine in the past. Switching from NAT to Bridged Adapter has fixed the issue.

system · June 13, 2024, 1:49pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.