[Cyberduck-trac] [Cyberduck] #10448: Certificate verification failed / Error in certificate verification when trying to install Cyberduck CLI using Debian package
Cyberduck
trac at cyberduck.io
Thu Aug 30 20:14:15 UTC 2018
#10448: Certificate verification failed / Error in certificate verification when
trying to install Cyberduck CLI using Debian package
----------------------+----------------------
Reporter: patakijv | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: cli | Version: 6.7.1
Severity: normal | Resolution:
Keywords: | Architecture: Intel
Platform: |
----------------------+----------------------
Old description:
> The following steps were performed and results received in a fresh Ubuntu
> 18:04.1 LTS (Bionic Beaver) server Docker Container.
> Is this expected?
>
> {{{
> echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io nightly main"
> > /etc/apt/sources.list.d/cyberduck.list
> echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main"
> >> /etc/apt/sources.list.d/cyberduck.list
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
> apt-get update
> }}}
>
> Results:
>
> {{{
> Ign:1 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly InRelease
> Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
> Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
> Ign:4 https://s3.amazonaws.com/repo.deb.cyberduck.io stable InRelease
> Hit:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
> Err:6 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly Release
> Certificate verification failed: The certificate is NOT trusted. The
> certificate issuer is unknown. Could not handshake: Error in the
> certificate verification. [IP: 52.216.32.43 443]
> Hit:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
> Err:8 https://s3.amazonaws.com/repo.deb.cyberduck.io stable Release
> Certificate verification failed: The certificate is NOT trusted. The
> certificate issuer is unknown. Could not handshake: Error in the
> certificate verification. [IP: 52.216.32.43 443]
> Reading package lists... Done
> W:
> https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/InRelease:
> No system certificates available. Try installing ca-certificates.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/InRelease:
> No system certificates available. Try installing ca-certificates.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/Release:
> No system certificates available. Try installing ca-certificates.
> E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io nightly
> Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/Release:
> No system certificates available. Try installing ca-certificates.
> E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io stable
> Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> }}}
New description:
The following steps were performed and results received in a fresh Ubuntu
18.04.1 LTS (Bionic Beaver) server Docker Container.
Is this expected?
{{{
echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io nightly main"
> /etc/apt/sources.list.d/cyberduck.list
echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main"
>> /etc/apt/sources.list.d/cyberduck.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
apt-get update
}}}
Results:
{{{
Ign:1 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly InRelease
Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
Ign:4 https://s3.amazonaws.com/repo.deb.cyberduck.io stable InRelease
Hit:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Err:6 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly Release
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. Could not handshake: Error in the
certificate verification. [IP: 52.216.32.43 443]
Hit:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Err:8 https://s3.amazonaws.com/repo.deb.cyberduck.io stable Release
Certificate verification failed: The certificate is NOT trusted. The
certificate issuer is unknown. Could not handshake: Error in the
certificate verification. [IP: 52.216.32.43 443]
Reading package lists... Done
W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/InRelease:
No system certificates available. Try installing ca-certificates.
W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/InRelease:
No system certificates available. Try installing ca-certificates.
W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/Release:
No system certificates available. Try installing ca-certificates.
E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io nightly
Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.
W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/Release: No
system certificates available. Try installing ca-certificates.
E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io stable
Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.
}}}
--
Comment (by patakijv):
Apparently since this was a bare bones server setup it needed that ca-
certificate setup first.
Adding the following to my setup resolved the issue:
{{{
apt-get install -y ca-certificates
}}}
FWIW,
There were also some other dependencies required that are not already
installed in a fresh install. (sudo, gnupg)
So my full commands from a fresh install of Ubuntu 18.04 are now:
{{{
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get install -y sudo apt-utils gnupg ca-
certificates
echo deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main >>
/etc/apt/sources.list.d/cyberduck.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
apt-get -y update
apt-get -y install duck
}}}
In case it is useful, I also found that if ca-certificates was already
installed and this problem existed, you can do a clear and reinstall of
ca-certificates: https://stackoverflow.com/a/29319873
--
Ticket URL: <https://trac.cyberduck.io/ticket/10448#comment:4>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list