Hello all,
I have an old instance of napp-it that I finally wanted to update, but it won't let me do it.
I checked my valid update path is r151030, so:
root@napp-it-026:/etc# pkg set-publisher -r -O OmniOS r151030 core omnios
pkg set-publisher: Could not refresh the catalog for omnios
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
Framework error: code: E_SSL_CACERT (60) reason: SSL certificate problem: certificate has expired
URL: 'OmniOS r151030 core' (happened 2 times)
and yes the date and time are absolutely correct.
To me it looks like OmniOS is missing an update of the root CAs from Let's Encrypt.
I tested the following:
root@napp-it-026:/etc# wget IPS Repositories
--2022-01-31 17:09:51-- IPS Repositories
Resolving pkg.omnios.org... 129.132.2.8, 2001:67c:10ec:2941::28
Connecting to pkg.omnios.org|129.132.2.8|:443... connected.
ERROR: cannot verify pkg.omnios.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':
Issued certificate has expired.
To connect to pkg.omnios.org insecurely, use `--no-check-certificate'.
Obviously it is not an issue of the webserver itself.
It is a problem of missing root certs from Let's Encrypt in the CA store of OmniOS, and I am sure newer OmniOS releases don't have this problem.
So my dumb question is:
How do I update the cert store, or get OmniOS to accept without cert checking for an update?
I tried:
root@napp-it-026:/etc# pkg set-property signature-policy ignore
with no different result.
Any help would be very nice...
Kind regards