invalid SSL cert for *.packages.shiftkey.dev
#1062
Comments
nuernbergerA
changed the title
apt.packages.shiftkey.dev
|
Facing a similar issue when installing GitHub Desktop using @shiftkey package feed |
|
Similar issue on RHEL too. |
|
Same issue in RPM repo |
|
Just thought I would add that "invalid" in this case does not mean "expired," as tends to be the case when TLS goes awry and is what I expected to find when I myself encountered this issue just now. Rather, the Subject (Common Name) of the certificate no longer matches the domain name, instead being issued for Thanks for maintaining such a useful resource for us Linux diehards out there. 👍🏻 |
nuernbergerA
changed the title
apt.packages.shiftkey.dev*.packages.shiftkey.dev
|
Similar issue on Fedora Linux 40: GitHub Desktop 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'shiftkey-packages':
- Curl error (60): SSL peer certificate or SSH remote key was not OK for https://rpm.packages.shiftkey.dev/rpm/repodata/repomd.xml [SSL: no alternative certificate subject name matches target host name 'rpm.packages.shiftkey.dev']
Error: Failed to download metadata for repo 'shiftkey-packages': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: shiftkey-packages |
|
its joever 😭 |
|
Same here, Ubuntu 22.04.4 LTS. As @RogueScholar said, if you try to open the link in a browser (Firefox in my case), you see the following:
|
|
Hi there, i tried to do a simple sudo apt update && upgrade today and apt.package.shiftkey.dev denied being on a trusted certificate. here is a clip from my terminal.
|
|
Please don't post me too comments... There is nothing to be done on the client side. We have to wait for @shiftkey to fix thie |
thanks for info. I am rather new to this, the main info was more my terminal sequence, i thought it could help. But I am glad to get more infos on what or how I can better interact in places like this. so if you can give me some advice, i gladly take it. |
|
👋 Apologies for the delay - I've been on holidays the past couple of weeks so this had to sit broken. This has now been restored and I'll do a bit of a write-up on the next steps when I have bandwidth to document this further. |
|
Thank you @shiftkey! RPM repo is working again (at least for Fedora 40) |
|
Unsure if related but I am getting timeouts with DNF on Fedora on the rpm.packages.shiftkey.dev. I have been getting them the past few days. |
Which DNS are you using? I cannot reproduce the issue (using Fedora 40 too). |
Thanks. Looks like it was DNS. I use PiHole but it was not blocking the request. Any outside requests are forwarded to Cloudflare DNS and for some reason I was not getting through. If I switched to another public DNS it seems to work. Thanks! |
|
Certificate is failing again in the RPM repo |
|
Yep, the same issue has been revived. |
|
Facing same issue on Ubuntu 24.04 |
|
I haven't done this write-up yet so I'm gonna reopen this for now to remind myself to not forget this issue... |
|
Hi @shiftkey, there was a post on reddit which wrongly claimed you were difficult to contact so I raised this concern on the upstream repo instead, that is the ticket at desktop#18963 which @sergiou87 closed about a day ago. I won't repeat the whole ticket here, but this is the key to the problem:
Please let me know if there is anything I can do at my end to help with the diagnosis (e.g. if you suspect that my DNS is not returning the same IP as other DNS at other locations where the problem does not arise). |
|
Just did a fresh 'apt update', got this response: So resolving to different IPv6 and IPv4 addresses (unsurprising if this is hosted on Azure), now timing out rather than returning a bad certificate. BTW apologies for raising the completely unfounded supply chain suspicion - I was panicking because azureedge.net and microsoftstream.com looked to me like domains which I might see in a phishing scam, but I should have realized that windows.net was unlikely to be under hostile control. |
|
Have the same issue in the Debian repository. |
|
Aug 11, 2024 here. CN on the cert when I go to apt.packages.shiftkey.dev is "*.azureedge.net", so apt rejects it, and it is not possible to update/upgrade/anything. |
|
Same issues Pop OS 22.04 |
|
Using gdebi for now to install latest update. Thanks for your work. Anyway, do you have any plans to fix this in the near future? |
|
Feel free to steer more traffic to my mirror to reduce bandwidth usage. The most extreme would be to remove the source repo from the readme and only list it as the source for gpg keys. (For security context, I don't have shiftkey's private key. I just download and serve up the files that he has signed.) |
$ sudo dnf upgrade
GitHub Desktop 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'shiftkey-packages':
- Curl error (60): SSL peer certificate or SSH remote key was not OK for https://rpm.packages.shiftkey.dev/rpm/repodata/repomd.xml [SSL: no alternative certificate subject name matches target host name 'rpm.packages.shiftkey.dev']
Error: Failed to download metadata for repo 'shiftkey-packages': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: shiftkey-packages
Last metadata expiration check: 2:45:14 ago on Mon 11 Nov 2024 08:18:29 PM -03.
Dependencies resolved.
Nothing to do.
Complete!
|
Hey @shiftkey,
it seems that your ssl cert for https://apt.packages.shiftkey.dev/ is the default azure one and causes an error for
aptThe text was updated successfully, but these errors were encountered: