[Errno 14] Peer cert cannot be verified or peer cert invalid Trying other mirror.

simon@bp
Posts: 25
Joined: 2014/07/31 20:00:37

Post by simon@bp » 2021/10/05 22:59:01

Does anyone have any insight into this and the Let's encrypt problem?

Code:

http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
It was impossible to connect to the Red Hat servers.

I have pointed the CentOS-Base.repo to the vault:

Code:

baseurl=http://vault.centos.org/6.10/os/$basearch/

and similar changes for updates.


It's not a network problem at my end. Working around the issue would be sufficient.

I have tried putting "sslverify=0" in /etc/yum.conf. It didn't help.

Please, we all know that CentOS 6 is EOL, but I have customers that I need to support who are still on CentOS 6.

TrevorH
Forum Moderator
Posts: 31162
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Post by TrevorH » 2021/10/06 09:14:35

It's the letsencrypt CA certificate problem. You'd need to remove the expired one from the CA bundle but whether CentOS 6's openssl will have the necessary code to follow the alternate certificate path is another question.

Sorry, but CentOS 6 is dead. It came out in 2010 with a 7 year lifespan, subsequently extended to 10 years. It died in 2020. Everyone had plenty of notice that it was going away so to still be on it a year after it died makes this a predictable breakage.

Get off CentOS 6.
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
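
The reply above attributes the failure to an expired CA certificate in the bundle. As an added example (not code from any poster in this thread), the shell function below lists the certificates in a PEM bundle that are expired, or will be within a given number of seconds. The function name `list_expiring` is hypothetical, and the path in the usage comment is the standard CentOS bundle location.

```shell
#!/bin/sh
# Added example, not from the thread. list_expiring is a hypothetical name.
# Usage: list_expiring BUNDLE [SECONDS]
#   e.g. list_expiring /etc/pki/tls/certs/ca-bundle.crt 0
# Prints "subject | notAfter" for every certificate in the PEM bundle that is
# expired SECONDS from now (default 0, i.e. already expired).
list_expiring() {
    bundle=$1
    window=${2:-0}
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmpdir=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate; text between
    # certificates (comments, labels) is ignored.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%05d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    ' "$bundle"

    for pem in "$tmpdir"/cert-*.pem; do
        [ -e "$pem" ] || continue
        # Skip entries openssl cannot parse instead of reporting them as expired.
        if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
            echo "warning: unparseable entry ${pem##*/}" >&2
            continue
        fi
        # -checkend exits non-zero if the certificate is expired at now+window.
        if ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
            subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
            enddate=$(openssl x509 -in "$pem" -noout -enddate | sed 's/^notAfter=//')
            printf '%s | %s\n' "$subject" "$enddate"
        fi
    done
    rm -rf "$tmpdir"
    return 0
}

# Run directly with arguments: sh list_expiring.sh BUNDLE [SECONDS]
if [ "$#" -gt 0 ]; then
    list_expiring "$@"
fi
```

Running it before and after replacing the ca-certificates package shows whether the expired entry is still in the bundle yum and curl read.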

Hellkeeper
Posts: 47
Joined: 2005/07/10 22:16:30

Post by Hellkeeper » 2021/10/06 17:56:53

I don't want to encourage anyone to stay on CentOS 6, on the contrary ... upgrade your servers to the latest version ... but ... this problem can be solved if really needed ...

See here: https://community.letsencrypt.org/t/rhe ... ion/161032

Build openssl RPM:

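Code:

# Build dependencies (run as root)
yum install wget
yum install krb5-devel zlib-devel lksctp-tools-devel util-linux make gcc rpm-build
# Fetch the CentOS 7.9 openssl source RPM and unpack it into ~/rpmbuild
curl -o openssl-1.0.2k-21.el7_9.src.rpm https://vault.centos.org/7.9.2009/updates/Source/SPackages/openssl-1.0.2k-21.el7_9.src.rpm
rpm -i openssl-1.0.2k-21.el7_9.src.rpm
cd ~/rpmbuild/SOURCES/
# CentOS 6 glibc has no secure_getenv(); the patches are switched to plain getenv(),
# which does not ignore the environment in setuid/setgid programs
sed -i 's/secure_getenv(/getenv(/g' *patch
cd ../SPECS/
# Comment out patch 68 (.secure-getenv) in the spec for the same reason
sed -i 's/%patch68 -p1 -b .secure-getenv/#%patch68 -p1 -b .secure-getenv/g' openssl.spec
rpmbuild -bb openssl.spec
cd ../RPMS/x86_64
# Upgrade the installed openssl packages to the rebuilt ones
rpm -U openssl-libs-1.0.2k-21.el6.x86_64.rpm openssl-1.0.2k-21.el6.x86_64.rpm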

Build ca-certificates RPM:

Code:

# Build dependencies for the ca-certificates package
yum install asciidoc java-1.6.0-openjdk
mkdir -p /dl/ca-cert; cd /dl/ca-cert
# Install the CentOS 6 source RPM (spec and sources land in ~/rpmbuild)
curl -o ca-certificates-2020.2.41-65.1.el6_10.src.rpm https://vault.centos.org/6.10/updates/Source/SPackages/ca-certificates-2020.2.41-65.1.el6_10.src.rpm
rpm -i ca-certificates-2020.2.41-65.1.el6_10.src.rpm
# Extract the newer certdata.txt from the CentOS 7.9 source RPM
curl -o ca-certificates-2021.2.50-72.el7_9.src.rpm https://vault.centos.org/7.9.2009/updates/Source/SPackages/ca-certificates-2021.2.50-72.el7_9.src.rpm
rpm2cpio ca-certificates-2021.2.50-72.el7_9.src.rpm | cpio -idmv
cp certdata.txt ~/rpmbuild/SOURCES/
sed -i 's/Version: 2020.2.41/Version: 2021.2.50/g' ~/rpmbuild/SPECS/ca-certificates.spec
# The spec file is in ~/rpmbuild/SPECS, not in the current directory
rpmbuild -bb ~/rpmbuild/SPECS/ca-certificates.spec
cd /root/rpmbuild/RPMS/noarch/
rpm -U ca-certificates-2021.2.50-65.1.el6.noarch.rpm

Andreas S.

simon@bp
Posts: 25
Joined: 2014/07/31 20:00:37

Post by simon@bp » 2021/10/06 18:15:19

Manually downloading the latest (for CentOS 6) rpms for openssl and ca-certificates, and installing them using rpm, allowed the system to be updated to the most recent (but still outdated) packages using yum (with "sslverify=0" in /etc/yum.conf).
