You are not logged in.

#1 2017-04-07 22:54:02

GreenRaccoon23
Member
Registered: 2014-09-27
Posts: 33

[SOLVED] ca-certificates-mozilla Error

I'm getting these 2 errors after upgrading 'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla':

p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
curl error: Peer certificate cannot be authenticated with given CA certificates

Here's what I did.

I tried updating my packages:

$ yaourt -Syua;

Some of the packages to be upgraded were 'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla'. I received this error:

:: Proceed with installation? [Y/n] y
(174/174) checking keys in keyring                 [######################] 100%
(174/174) checking package integrity               [######################] 100%
(174/174) loading package files                    [######################] 100%
(174/174) checking for file conflicts              [######################] 100%
error: failed to commit transaction (conflicting files)
ca-certificates-utils: /etc/ssl/certs/ca-certificates.crt exists in filesystem
Errors occurred, no packages were upgraded.

So I tried removing them:

$ sudo pacman -Rns ca-certificates ca-certificates-utils ca-certificates-mozilla
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: curl: removing ca-certificates breaks dependency 'ca-certificates'
:: glib-networking: removing ca-certificates breaks dependency 'ca-certificates'
:: jre7-openjdk-headless: removing ca-certificates-utils breaks dependency 'ca-certificates-utils'
:: jre8-openjdk-headless: removing ca-certificates-utils breaks dependency 'ca-certificates-utils'
:: mono: removing ca-certificates breaks dependency 'ca-certificates'
:: neon: removing ca-certificates breaks dependency 'ca-certificates'
:: perl-lwp-protocol-https: removing ca-certificates breaks dependency 'ca-certificates'
:: qca-qt5: removing ca-certificates breaks dependency 'ca-certificates'
:: qt4: removing ca-certificates breaks dependency 'ca-certificates'

Removing those would be rabbit hole nightmare of removing almost all installed packages, so I decided to try to remove the conflicting file manually and then update the ca-certificates packages separately:

$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak;
$ yaourt -Sa ca-certificates ca-certificates-utils;
...
:: Running post-transaction hooks...
(1/2) Arming ConditionNeedsUpdate...
(2/2) Rebuilding certificate stores...
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute
p11-kit: mozilla.trust.p11-kit: nss-mozilla-ca-policy: invalid or unsupported attribute

Yikes that doesn't look right. Now when I try to update, it says this:

$ yaourt -Syua;
:: Synchronizing package databases...
 core is up to date
 extra                   1680.2 KiB  1333K/s 00:01 [######################] 100%
 community                  3.8 MiB  3.58M/s 00:01 [######################] 100%
 multilib                 176.2 KiB  5.74M/s 00:00 [######################] 100%
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates
curl error: Peer certificate cannot be authenticated with given CA certificates

That looks concerning. I'm afraid to update anything now before I fix this problem, since these packages are fundamental for so many other ones.

I've tried some solutions suggested elsewhere online without success. I'll list them below.

$ c_rehash;
$ sudo trust extract-compat;
$ sudo update-ca-trust enable;

Is there something wrong with these packages or am I doing something wrong? I'm finding hardly any help online, which leads me to believe the packages are fine.

Last edited by GreenRaccoon23 (2017-04-09 02:50:38)

Offline

#2 2017-04-07 22:57:35

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,784
Website

Re: [SOLVED] ca-certificates-mozilla Error

Boot from an Arch liveCD and reinstall the certificate packages using the live environment's pacman and the --root switch.


And next time, follow the news.


EDIT: I read too fast, you didn't actually remove the packages in the end. You just need to move the file you moved back. Then follow the linked instructions.

Last edited by WorMzy (2017-04-07 23:01:14)


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Online

#3 2017-04-07 23:19:11

GreenRaccoon23
Member
Registered: 2014-09-27
Posts: 33

Re: [SOLVED] ca-certificates-mozilla Error

Thanks! Since I had already upgraded  'ca-certificates', 'ca-certificates-utils', and 'ca-certificates-mozilla', I ran into another problem. I fixed it, but I'll just write it here in case someone else has the problem.

After doing this:

$ sudo pacman -Syuw;
$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak2;
$ sudo mv /etc/ssl/certs/ca-certificates.crt.bak /etc/ssl/certs/ca-certificates.crt;
$ sudo pacman -Su;

I got this error:

$ yaourt -Syua
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
curl error: Problem with the SSL CA cert (path? access rights?)
 Foreign packages: / 205 / 205

The fix for this was to reinstall the 'ca-certificates' packages the same way I did before:

$ sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak;
$ yaourt -Syua ca-certificates ca-certificates-utils ca-certificates-mozilla;

Last edited by GreenRaccoon23 (2017-04-07 23:20:30)

Offline

#4 2017-04-07 23:50:57

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] ca-certificates-mozilla Error

Stop using yaourt like it is your package manager, it is not.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

Board footer

Powered by FluxBB