The certificate issuer is unknown

Technical assistance
1

Running Zammad since more than 2 years on an ubuntu 18.04, Zammad Version 3.4
Today I recognized a problem, trying to run an apt-get update / upgrade

The output

Err:6 https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 178.63.71.248 443]
Hit:7 Index of /certbot/certbot/ubuntu bionic InRelease
Reading package lists… Done
E: The repository ‘https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 Release’ no longer has a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I’ve checked the /etc/apt/sources.list.d/zammad.list

This file was generated by dl.packager.io

deb https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 main

And /var/lib/apt/lists$ dir

archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease archive.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic-backports_main_binary-amd64_Packages archive.ubuntu.com_ubuntu_dists_bionic_universe_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic-backports_main_i18n_Translation-en archive.ubuntu.com_ubuntu_dists_bionic_universe_i18n_Translation-de
archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_binary-amd64_Packages archive.ubuntu.com_ubuntu_dists_bionic_universe_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_i18n_Translation-en archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease
archive.ubuntu.com_ubuntu_dists_bionic_InRelease archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic_main_binary-amd64_Packages archive.ubuntu.com_ubuntu_dists_bionic-updates_main_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic_main_i18n_Translation-de archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic_main_i18n_Translation-en archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic_multiverse_binary-amd64_Packages archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic_multiverse_i18n_Translation-de archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic_multiverse_i18n_Translation-en archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic_restricted_binary-amd64_Packages archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic_restricted_i18n_Translation-de auxfiles
archive.ubuntu.com_ubuntu_dists_bionic_restricted_i18n_Translation-en dl.packager.io_srv_deb_zammad_zammad_stable_ubuntu_dists_18.04_main_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic-security_InRelease dl.packager.io_srv_deb_zammad_zammad_stable_ubuntu_dists_18.04_Release
archive.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages dl.packager.io_srv_deb_zammad_zammad_stable_ubuntu_dists_18.04_Release.gpg
archive.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en lock
archive.ubuntu.com_ubuntu_dists_bionic-security_multiverse_binary-amd64_Packages partial
archive.ubuntu.com_ubuntu_dists_bionic-security_multiverse_i18n_Translation-en ppa.launchpad.net_certbot_certbot_ubuntu_dists_bionic_InRelease
archive.ubuntu.com_ubuntu_dists_bionic-security_restricted_binary-amd64_Packages ppa.launchpad.net_certbot_certbot_ubuntu_dists_bionic_main_binary-amd64_Packages
archive.ubuntu.com_ubuntu_dists_bionic-security_restricted_i18n_Translation-en ppa.launchpad.net_certbot_certbot_ubuntu_dists_bionic_main_i18n_Translation-en
archive.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages

So, maybe it is a temporary problem ?
I can’t see, that something is wrong on my ubunut maachine.

2

Try to run sudo apt install ca-certificates and make sure your time is correct. Seems like your servers isn’t able to verify the CA of the certificate.

If that doesn’t work, you could try to run sudo apt-get --allow-unauthenticated upgrade. This skips the certificate validation. Remember that this poses a security threat as attackers could redirect your request.

3

Hi benmo, thanks for your response.
date/time is a accurate.

ca-certificates is already the newest version (20201027ubuntu0.18.04.1).

sudo apt-get --allow-unauthenticated upgrade
This would work of course, but if there is an error inside the repo (?) it’s better to solve this.

I thought maybe more people can confirm the problem.

4

Hi,

I tried it on my end and everything is working. I don’t think this is a general issue.

Have you tried to reinstall the CAs by running sudo apt install --reinstall ca-certificates?

What’s the result if you run openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect dl.packager.io:443?

5

Indeed, it’s not an general problem.

The openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect dl.packager.io:443 showed me some errors,
i.e. Verify return code: 21 (unable to verify the first certificate)

klick…klick … :o)

So, the ubuntu machine is not the problem - it was the SSL Inspection between the server and the internet. I checked this, created an seperate rule for this ubuntu server and everything is fine now.

Thanks benmo for your input !

2 Likes
6

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.