Is the repo broken?

On an existing system running 8.12, I'm getting this error:

dnf --enablerepo=elasticsearch update
Elasticsearch repository for 8.x packages 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'elasticsearch':

  • Curl error (60): SSL peer certificate or SSH remote key was not OK for https://artifacts.elastic.co/packages/8.x/yum/repodata/repomd.xml [SSL certificate problem: certificate is not yet valid]
    Error: Failed to download metadata for repo 'elasticsearch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Is their repo broken again?

Are you sure your system clock is accurate? SSL certificate problem: certificate is not yet valid implies that it thinks the certificate validity starts in the future, but it definitely doesn't:

$ openssl s_client -showcerts -host artifacts.elastic.co -port 443 | openssl x509 -noout -text | grep 'Not Before'
Warning: Reading certificate from stdin since no -in or -new option is given
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R3
verify return:1
depth=0 CN=elastic.co
verify return:1
            Not Before: Feb 23 17:52:22 2024 GMT

Odd, it was a VM, the host time is correct, but the guest was many weeks behind. Thanks.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.