[Cyberduck-trac] [Cyberduck] #10448: Certificate verification failed / Error in certificate verification when trying to install Cyberduck CLI using Debian package

Cyberduck trac at cyberduck.io
Thu Aug 30 20:14:15 UTC 2018 

#10448: Certificate verification failed / Error in certificate verification when
trying to install Cyberduck CLI using Debian package
----------------------+----------------------
 Reporter:  patakijv  |         Owner:
     Type:  defect    |        Status:  new
 Priority:  normal    |     Milestone:
Component:  cli       |       Version:  6.7.1
 Severity:  normal    |    Resolution:
 Keywords:            |  Architecture:  Intel
 Platform:            |
----------------------+----------------------

Old description:

> The following steps were performed and results received in a fresh Ubuntu
> 18:04.1 LTS (Bionic Beaver) server Docker Container.
> Is this expected?
>
> {{{
> echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io nightly main"
> > /etc/apt/sources.list.d/cyberduck.list
> echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main"
> >> /etc/apt/sources.list.d/cyberduck.list
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
> apt-get update
> }}}
>
> Results:
>

> {{{
> Ign:1 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly InRelease
> Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
> Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
> Ign:4 https://s3.amazonaws.com/repo.deb.cyberduck.io stable InRelease
> Hit:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
> Err:6 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly Release
>   Certificate verification failed: The certificate is NOT trusted. The
> certificate issuer is unknown.  Could not handshake: Error in the
> certificate verification. [IP: 52.216.32.43 443]
> Hit:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
> Err:8 https://s3.amazonaws.com/repo.deb.cyberduck.io stable Release
>   Certificate verification failed: The certificate is NOT trusted. The
> certificate issuer is unknown.  Could not handshake: Error in the
> certificate verification. [IP: 52.216.32.43 443]
> Reading package lists... Done
> W:
> https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/InRelease:
> No system certificates available. Try installing ca-certificates.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/InRelease:
> No system certificates available. Try installing ca-certificates.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/Release:
> No system certificates available. Try installing ca-certificates.
> E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io nightly
> Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/Release:
> No system certificates available. Try installing ca-certificates.
> E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io stable
> Release' does not have a Release file.
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
> }}}

New description:

 The following steps were performed and results received in a fresh Ubuntu
 18.04.1 LTS (Bionic Beaver) server Docker Container.
 Is this expected?

 {{{
 echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io nightly main"
 > /etc/apt/sources.list.d/cyberduck.list
 echo -e "deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main"
 >> /etc/apt/sources.list.d/cyberduck.list
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
 apt-get update
 }}}

 Results:


 {{{
 Ign:1 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly InRelease
 Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
 Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
 Ign:4 https://s3.amazonaws.com/repo.deb.cyberduck.io stable InRelease
 Hit:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
 Err:6 https://s3.amazonaws.com/repo.deb.cyberduck.io nightly Release
   Certificate verification failed: The certificate is NOT trusted. The
 certificate issuer is unknown.  Could not handshake: Error in the
 certificate verification. [IP: 52.216.32.43 443]
 Hit:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
 Err:8 https://s3.amazonaws.com/repo.deb.cyberduck.io stable Release
   Certificate verification failed: The certificate is NOT trusted. The
 certificate issuer is unknown.  Could not handshake: Error in the
 certificate verification. [IP: 52.216.32.43 443]
 Reading package lists... Done
 W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/InRelease:
 No system certificates available. Try installing ca-certificates.
 W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/InRelease:
 No system certificates available. Try installing ca-certificates.
 W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/nightly/Release:
 No system certificates available. Try installing ca-certificates.
 E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io nightly
 Release' does not have a Release file.
 N: Updating from such a repository can't be done securely, and is
 therefore disabled by default.
 N: See apt-secure(8) manpage for repository creation and user
 configuration details.
 W: https://s3.amazonaws.com/repo.deb.cyberduck.io/dists/stable/Release: No
 system certificates available. Try installing ca-certificates.
 E: The repository 'https://s3.amazonaws.com/repo.deb.cyberduck.io stable
 Release' does not have a Release file.
 N: Updating from such a repository can't be done securely, and is
 therefore disabled by default.
 N: See apt-secure(8) manpage for repository creation and user
 configuration details.
 }}}

--

Comment (by patakijv):

 Apparently since this was a bare bones server setup it needed that ca-
 certificate setup first.

 Adding the following to my setup resolved the issue:
 {{{
 apt-get install -y ca-certificates
 }}}

 FWIW,

 There were also some other dependencies required that are not already
 installed in a fresh install. (sudo, gnupg)

 So my full commands from a fresh install of Ubuntu 18.04 are now:

 {{{
 export DEBIAN_FRONTEND=noninteractive
 apt-get -y update && apt-get install -y sudo apt-utils gnupg ca-
 certificates
 echo deb https://s3.amazonaws.com/repo.deb.cyberduck.io stable main >>
 /etc/apt/sources.list.d/cyberduck.list
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FE7097963FEFBE72
 apt-get -y update
 apt-get -y install duck
 }}}

 In case it is useful, I also found that if ca-certificates was already
 installed and this problem existed, you can do a clear and reinstall of
 ca-certificates: https://stackoverflow.com/a/29319873

--
Ticket URL: <https://trac.cyberduck.io/ticket/10448#comment:4>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list