The command yum update don't work

Issues related to configuring your network
Post Reply
rafaelpbaptista
Posts: 5
Joined: 2022/07/07 14:51:59

The command yum update don't work

Post by rafaelpbaptista » 2022/07/07 14:59:55

I need a help because I can't use any command associate with yum.
Follow a exemple with the error:

[root@airflow-teste airflow]# yum update
CentOS Stream 9 - BaseOS 0.0 B/s | 0 B 00:06
Errors during downloading metadata for repository 'baseos':
- Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.centos.org/metalink?rep ... https,http [SSL certificate problem: self-signed certificate in certificate chain]
Erro: Falha ao baixar os metadados do repo. 'baseos': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.centos.org/metalink?rep ... https,http [SSL certificate problem: self-signed certificate in certificate chain]

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: The command yum update don't work

Post by TrevorH » 2022/07/07 15:05:37

Is your machine set to the correct date and time?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

rafaelpbaptista
Posts: 5
Joined: 2022/07/07 14:51:59

Re: The command yum update don't work

Post by rafaelpbaptista » 2022/07/07 15:36:32

The timezone was wrong
I fixed it but the error is present yet.

I attached an image that show a ssh terminal and my Windows Desktop
This image show both of them datetime
datatime.PNG
datatime.PNG (103.59 KiB) Viewed 9165 times

rafaelpbaptista
Posts: 5
Joined: 2022/07/07 14:51:59

Re: The command yum update don't work

Post by rafaelpbaptista » 2022/07/07 17:33:06

I modified the centos.repo file and it still don't work
I changed gpgcheck value the 1 to 0


[baseos]
name=CentOS Stream $releasever - BaseOS
metalink=https://mirrors.centos.org/metalink?rep ... https,http
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=0
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

Someone has more any ideia?

rafaelpbaptista
Posts: 5
Joined: 2022/07/07 14:51:59

Re: The command yum update don't work

Post by rafaelpbaptista » 2022/07/07 17:46:07

I updated the GPG-KEY and nothing

I used this key: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: The command yum update don't work

Post by TrevorH » 2022/07/07 18:38:49

It's not the GPG key. It is the certificate that is used on the mirror server is somehow being seen as self-signed. My first thought is that you have some sort of web proxy between you and the internet and it is playing MITM with SSL connections and substituting its own certificate in the middle. I ran host mirrors.centos.org and got a list of the ip addresses that that resolves to then I went through wach one in turn and ran openssl s_client -connect ip.add.re.ss:443 and looked at the certificate that each one served me and they are all the same, all valid and all look like
[trevor@trevor4 torrents]$ openssl s_client -connect 209.132.190.2:443 -servername mirrors.centos.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mirrors.centos.org
verify return:1
---
Certificate chain
0 s:CN = mirrors.centos.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 16 06:03:49 2022 GMT; NotAfter: Aug 14 06:03:48 2022 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISA698QOIxqJhhfCSmYVOYCW3ZMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA1MTYwNjAzNDlaFw0yMjA4MTQwNjAzNDhaMB0xGzAZBgNVBAMT
Em1pcnJvcnMuY2VudG9zLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2yVrXfAsT9B9Jh3Kwl+t6xadKiPTHWsnPd2uFQIpbFbKli1bX0jBe5p5qz
T1+H7VZ8h5ycA39I2Ys9aO5WYDPvw4zbCC/a0oEb6hcLveocH0rV8rHGCPqfcwYs
bFNlDnzQoKDFDEADEldSay3lGn/UEYLbRfGeOTnEwoQH6gq0Mum6MchadtO+my95
RunHnAcgBt5luWak9fr8nVSl/lGrUtnanwMDkj8bvajLKvzvPl9PuwoOWNmVw0l1
CyWrlCBQKMSbzeiR60JViVcNsCcAdp/9OEZc7opZIGEYTiquWhNIbjY0JW8LIsyW
A1R4heTkI1YT70mgrPeLXlw90XMCAwEAAaOCAk0wggJJMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUxq2iw7iBHozhuKNyD3zwme0lDH8wHwYDVR0jBBgwFoAUFC6zF7dY
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
Lm9yZy8wHQYDVR0RBBYwFIISbWlycm9ycy5jZW50b3Mub3JnMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAKXm+
8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAGAy64kvwAABAMARzBFAiEA
hrcFBOxaip+HA9c4/KxyUcNjWzj1gi6bUt2258xmBH0CIG/ChQFcUpmDsRa59cMx
tyP7NCSj3iqwG8GwSq0ls1xIAHYAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jw
kGKWBvYAAAGAy64nFAAABAMARzBFAiEA1U7sRtGTJkhOBqPRUQg/Mh0LjgeWvguH
6JlbNANA2yoCIG/2yuhoGV91g6wjVakvVnMZBxYDvsMWlBgSDSgx1rAWMA0GCSqG
SIb3DQEBCwUAA4IBAQBdw/wT9/d1krhmwN5Oj+X1Lbn7BZFd+pqdqQeq5tIjqxzB
aB9W+q/lV4keNtGQlw/MjbZtz8bKz8CBH42kpcgeXaErKC8tkEY3bSzQnhj03Ag4
oRKTQBd4Ub2aBI9WL/4sn9jKxxIQrDC9zHcDQVBUhMWGnP+C6OK5aH1K1ZAFwBv8
maGaWjqpy67fFehaqYtYhbxTAxJkFXbSGPTLVSOGb+VWZVyu5TgAghTOhQTbdzXm
29tGOzn0eOD4vvi9yx/747/H2Tm718mYRDJf8zIc+h8ApO4ecS/QKZqHyXIn0JLL
nslfB/pp1YFBDBOzq1+QzCzpolHKCTHyIEDIeEmO
-----END CERTIFICATE-----
subject=CN = mirrors.centos.org
issuer=C = US, O = Let's Encrypt, CN = R3
That's a LetsEncrypt SSL cert and should be trusted by almost everything, certainly by CentOS 9 so I can only think that something is meddling with your connection and either doesn't understand LE certs or is just brokenly substituting its own certificate.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

rafaelpbaptista
Posts: 5
Joined: 2022/07/07 14:51:59

Re: The command yum update don't work

Post by rafaelpbaptista » 2022/07/07 19:35:20

Actually there is a proxy in my network's company.
I remember it when I read our answer.
I did a test using curl.
Is there some way to configure a yum proxy connection?
desktop linux.PNG
desktop linux.PNG (42.52 KiB) Viewed 9132 times
curl test.PNG
curl test.PNG (51.92 KiB) Viewed 9132 times

Post Reply