Opened 5 months ago
Last modified 5 days ago
#21855 needinfo defect
http://josm.openstreetmap.de/apt focal Release' no longer has a Release file.
| Reported by: | A_Pirard | Owned by: | A_Pirard |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Ubuntu package | Version: | |
| Keywords: | distribution | Cc: |
Description (last modified by )
When reloading Synaptic, message
http://josm.openstreetmap.de/apt focal Release' no longer has a Release file.
$ sudo apt update
...
Get:7 http://be.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
...
Get:18 http://be.archive.ubuntu.com/ubuntu focal-updates/universe i386 Packages [677 kB]
Err:14 https://josm.openstreetmap.de/apt focal Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 2a01:4f9:2b:907::2 443]
...
Reading package lists... Done
E: The repository 'http://josm.openstreetmap.de/apt focal Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Attachments (0)
Change History (6)
comment:1 Changed 5 months ago by
| Component: | Wiki content → Ubuntu package |
|---|
comment:2 Changed 4 months ago by
| Owner: | changed from team to A_Pirard |
|---|---|
| Status: | new → needinfo |
Can you give us the line in /etc/apt/sources.list for JOSM? It should look like
deb https://josm.openstreetmap.de/apt focal universe
comment:3 Changed 2 weeks ago by
| Resolution: | → needinfo |
|---|---|
| Status: | needinfo → closed |
comment:4 Changed 7 days ago by
| Description: | modified (diff) |
|---|---|
| Resolution: | needinfo |
| Status: | closed → reopened |
You didn't ask more info.
Easy. Description updated.
Cheers.
comment:5 Changed 7 days ago by
A_Pirard: please reread comment:2.
Anyway, skyper just updated Ubuntu repo instructions. Try following those, and see if that helps.
comment:6 Changed 5 days ago by
| Priority: | major → normal |
|---|---|
| Status: | reopened → needinfo |
Replying to A_Pirard:
Err:14 https://josm.openstreetmap.de/apt focal Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 2a01:4f9:2b:907::2 443]
...
Reading package lists... Done
E: The repository 'http://josm.openstreetmap.de/apt focal Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
From https://dev.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de&latest (since I don't have IPv6), it looks like we use the same certificate for IPv4 and IPv6 from letsencrypt (current validity range is Thu, 09 Jun 2022 03:45:08 UTC to Wed, 07 Sep 2022 03:45:07 UTC).
Best guess: you do not have the ISRG Root X1 root certificate from lets encrypt installed/enabled on your machine, or you have taken actions to blacklist it. You probably have the DST Root CA X3 alternate root certificate on your machine, which expired in September 2021.
Try running dpkg-reconfigure ca-certificates and ensure that ISRG_Root_X1.crt is enabled (it may be prefixed with mozilla/ or something like that).
If the above actions do not fix the problem, please attach a copy of /etc/ca-certificates.conf (especially if you do not see ISRG_Root_X1 in the list). You may need to manually add it (but hopefully not). But do check and see if it exists in /usr/share/ca-certificates/mozilla (probably mozilla). (i.e., file /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt).
Strange, the file is present, see apt/dists/focal/.