Certificate error deb.frrouting.org
Hello team, I want to install FRR on an Ubuntu 18.04 server and I receive this error when I try to use this procedure (https://deb.frrouting.org/) : # add GPG key curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - # possible values for FRRVER: frr-6 frr-7 frr-8 frr-stable # frr-stable will be the latest official stable release FRRVER="frr-stable" echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list # update and install FRR sudo apt update && sudo apt install frr frr-pythontools root@ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - OK root@ukr1:~# FRRVER="frr-stable" root@ukr1:~# echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list deb https://deb.frrouting.org/frr bionic frr-stable root@ukr1:~# sudo apt update && sudo apt install frr frr-pythontools Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB] Hit:2 http://us.archive.ubuntu.com/ubuntu bionic InRelease Ign:3 https://deb.frrouting.org/frr bionic InRelease Get:4 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB] Err:5 https://deb.frrouting.org/frr bionic Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 194.147.138.41 443] Get:6 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB] Reading package lists... Done E: The repository 'https://deb.frrouting.org/frr bionic Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Is there something you can fix ? Thanks, Eduard
Hi, We use Let's Encrypt certificates, and as far as I can see, things are good in the deployed certificates. Issued On Wednesday, September 8, 2021 at 12:52:30 PM Expires On Tuesday, December 7, 2021 at 11:52:29 AM It is likely that the ca certificates need updating at your end: sudo apt install ca-certificates you can use the tool update-ca-certificates that comes with the package above to update your CAs. Regards, Jafar On 10/4/21 4:23 AM, Eduard Margulescu wrote:
Hello team,
I want to install FRR on an Ubuntu 18.04 server and I receive this error when I try to use this procedure (https://deb.frrouting.org/) :
/# add GPG key/ curl -s https://deb.frrouting.org/frr/keys.asc <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add - /# possible values for FRRVER: //frr-6 frr-7 frr-8 frr-stable/// /# frr-stable will be the latest official stable release/ FRRVER="frr-stable" echo deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list /# update and install FRR/ sudo apt update && sudo apt install frr frr-pythontools
root@ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -
OK
root@ukr1:~# FRRVER="frr-stable"
root@ukr1:~# echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list
deb https://deb.frrouting.org/frr bionic frr-stable
root@ukr1:~# sudo apt update && sudo apt install frr frr-pythontools
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Ign:3 https://deb.frrouting.org/frr bionic InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Err:5 https://deb.frrouting.org/frr bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 194.147.138.41 443]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Reading package lists... Done
E: The repository 'https://deb.frrouting.org/frr bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Is there something you can fix ?
Thanks,
Eduard
_______________________________________________ dev mailing list dev@lists.frrouting.org https://lists.frrouting.org/listinfo/dev
I'd try the ca update method I described in my previous email before coming to any conclusions. Regards, Jafar On 10/6/21 3:31 PM, Trae E Santiago wrote:
The FRR slack has details that say otherwise, though I don't know if it has been fixed since I tested. It looks like one of the certs is /not/ changed, but I believe they're fixing it now in Slack: 1:06 <https://frrouting.slack.com/archives/C4T714TAQ/p1633543590164400> 130 :~$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT verify return:0 Verify return code: 10 (certificate has expired) DONE [tsantiago@tree01-cs ~]$ echo | openssl s_client -connect deb.frrouting.org:443 | grep return depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = deb.frrouting.org verify return:1 DONE Verify return code: 0 (ok) Thanks,
*Trae Santiago* Network Engineer IBM Cloud +1 (469) 585 - 9317 _tsantiago@us.ibm.com_ <mailto://tsantiago@us.ibm.com/>
----- Original message ----- From: "Jafar Al-Gharaibeh" <jafar@atcorp.com> Sent by: "dev" <dev-bounces+tsantiago=us.ibm.com@lists.frrouting.org> To: "Eduard Margulescu" <eduard.margulescu@bigstep.com>, "dev@lists.frrouting.org" <dev@lists.frrouting.org> Cc: Subject: [EXTERNAL] Re: [dev] Certificate error deb.frrouting.org Date: Wed, Oct 6, 2021 3:07 PM
Hi,
We use Let's Encrypt certificates, and as far as I can see, things are good in the deployed certificates.
Issued On Wednesday, September 8, 2021 at 12:52:30 PM Expires On Tuesday, December 7, 2021 at 11:52:29 AM
It is likely that the ca certificates need updating at your end:
sudo apt install ca-certificates
you can use the tool update-ca-certificates that comes with the package above to update your CAs.
Regards,
Jafar
On 10/4/21 4:23 AM, Eduard Margulescu wrote:
Hello team,
I want to install FRR on an Ubuntu 18.04 server and I receive this error when I try to use this procedure (https://deb.frrouting.org/ <https://deb.frrouting.org/>) :
/# add GPG key/ curl -s https://deb.frrouting.org/frr/keys.asc <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add - /# possible values for FRRVER: //frr-6 frr-7 frr-8 frr-stable/// /# frr-stable will be the latest official stable release/ FRRVER="frr-stable" echo deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list /# update and install FRR/ sudo apt update && sudo apt install frr frr-pythontools
root@ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc <https://deb.frrouting.org/frr/keys.asc> | sudo apt-key add -
OK
root@ukr1:~# FRRVER="frr-stable"
root@ukr1:~# echo deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list
deb https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> bionic frr-stable
root@ukr1:~# sudo apt update && sudo apt install frr frr-pythontools
Get:1 http://security.ubuntu.com/ubuntu <http://security.ubuntu.com/ubuntu> bionic-security InRelease [88.7 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu <http://us.archive.ubuntu.com/ubuntu> bionic InRelease
Ign:3 https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> bionic InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu <http://us.archive.ubuntu.com/ubuntu> bionic-updates InRelease [88.7 kB]
Err:5 https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 194.147.138.41 443]
Get:6 http://us.archive.ubuntu.com/ubuntu <http://us.archive.ubuntu.com/ubuntu> bionic-backports InRelease [74.6 kB]
Reading package lists... Done
E: The repository 'https://deb.frrouting.org/frr <https://deb.frrouting.org/frr> bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Is there something you can fix ?
Thanks,
Eduard
_______________________________________________ dev mailing list dev@lists.frrouting.org <mailto:dev@lists.frrouting.org> https://lists.frrouting.org/listinfo/dev <https://lists.frrouting.org/listinfo/dev>
_______________________________________________ dev mailing list dev@lists.frrouting.org https://lists.frrouting.org/listinfo/dev <https://lists.frrouting.org/listinfo/dev>
Hello Jafar, It worked after updating the CA certificates. Thanks, Eduard From: Jafar Al-Gharaibeh <jafar@atcorp.com> Date: Wednesday, 6 October 2021 at 22:35 To: Eduard Margulescu <eduard.margulescu@bigstep.com>, dev@lists.frrouting.org <dev@lists.frrouting.org> Subject: Re: [dev] Certificate error deb.frrouting.org Hi, We use Let's Encrypt certificates, and as far as I can see, things are good in the deployed certificates. Issued On Wednesday, September 8, 2021 at 12:52:30 PM Expires On Tuesday, December 7, 2021 at 11:52:29 AM It is likely that the ca certificates need updating at your end: sudo apt install ca-certificates you can use the tool update-ca-certificates that comes with the package above to update your CAs. Regards, Jafar On 10/4/21 4:23 AM, Eduard Margulescu wrote: Hello team, I want to install FRR on an Ubuntu 18.04 server and I receive this error when I try to use this procedure (https://deb.frrouting.org/) : # add GPG key curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - # possible values for FRRVER: frr-6 frr-7 frr-8 frr-stable # frr-stable will be the latest official stable release FRRVER="frr-stable" echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list # update and install FRR sudo apt update && sudo apt install frr frr-pythontools root@ukr1:~# curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add - OK root@ukr1:~# FRRVER="frr-stable" root@ukr1:~# echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list deb https://deb.frrouting.org/frr bionic frr-stable root@ukr1:~# sudo apt update && sudo apt install frr frr-pythontools Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB] Hit:2 http://us.archive.ubuntu.com/ubuntu bionic InRelease Ign:3 https://deb.frrouting.org/frr bionic InRelease Get:4 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB] Err:5 https://deb.frrouting.org/frr bionic Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 194.147.138.41 443] Get:6 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB] Reading package lists... Done E: The repository 'https://deb.frrouting.org/frr bionic Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Is there something you can fix ? Thanks, Eduard _______________________________________________ dev mailing list dev@lists.frrouting.org<mailto:dev@lists.frrouting.org> https://lists.frrouting.org/listinfo/dev
participants (3)
-
Eduard Margulescu -
Jafar Al-Gharaibeh -
Trae E Santiago