On an existing system running 8.12, I'm getting this error:
dnf --enablerepo=elasticsearch update
Elasticsearch repository for 8.x packages 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'elasticsearch':
Curl error (60): SSL peer certificate or SSH remote key was not OK for https://artifacts.elastic.co/packages/8.x/yum/repodata/repomd.xml [SSL certificate problem: certificate is not yet valid]
Error: Failed to download metadata for repo 'elasticsearch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Are you sure your system clock is accurate? SSL certificate problem: certificate is not yet valid implies that it thinks the certificate validity starts in the future, but it definitely doesn't:
$ openssl s_client -showcerts -host artifacts.elastic.co -port 443 | openssl x509 -noout -text | grep 'Not Before'
Warning: Reading certificate from stdin since no -in or -new option is given
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R3
verify return:1
depth=0 CN=elastic.co
verify return:1
Not Before: Feb 23 17:52:22 2024 GMT
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.