You are not logged in.
- Topics: Active | Unanswered
#1 2020-10-19 06:16:32
- yuntan_t
- Member
- Registered: 2019-10-14
- Posts: 8
x509: certificate has expired or is not yet valid at aur.archlinux.org
When I tried to update AUR packages, I got following error.
yay -S google-chrome
Get "https://aur.archlinux.org/rpc.php?arg%5B%5D=google-chrome&type=info&v=5": x509: certificate has expired or is not yet valid: current time 2020-10-17T20:00:27+09:00 is after 2020-10-02T09:33:41ZThen I tried to open aur.archlinux.org by Chrome, but I cannot view due to certificate error.
date is correct. My system is up-to-date. I can open aur.archlinux.org using my another laptop (Chromebook) from same network. So what's wrong with my system?
Offline
#2 2020-10-19 06:22:09
- GaKu999
- Member
- From: US/Eastern
- Registered: 2020-06-21
- Posts: 696
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
When I tried to update AUR packages, I got following error.
yay -S google-chrome Get "https://aur.archlinux.org/rpc.php?arg%5B%5D=google-chrome&type=info&v=5": x509: certificate has expired or is not yet valid: current time 2020-10-17T20:00:27+09:00 is after 2020-10-02T09:33:41ZThen I tried to open aur.archlinux.org by Chrome, but I cannot view due to certificate error.
date is correct. My system is up-to-date. I can open aur.archlinux.org using my another laptop (Chromebook) from same network. So what's wrong with my system?
Post output of:
pacman -Qkk ca-certificates?
Offline
#3 2020-10-19 06:23:41
- yuntan_t
- Member
- Registered: 2019-10-14
- Posts: 8
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
pacman -Qkk ca-certificates
ca-certificates: 0 total files, 0 altered filesOffline
#4 2020-10-19 06:25:20
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,279
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
Both dates in your yay output don't make sense if you created it today. It is the 19th, not 17th and the aur certificate is valid until december.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
#5 2020-10-19 06:29:01
- yuntan_t
- Member
- Registered: 2019-10-14
- Posts: 8
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
Update output to what I get just now
yay -S google-chrome
Get "https://aur.archlinux.org/rpc.php?arg%5B%5D=google-chrome&type=info&v=5": x509: certificate has expired or is not yet valid: current time 2020-10-19T15:28:28+09:00 is after 2020-10-02T09:33:41ZOffline
#6 2020-10-19 06:36:24
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,279
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
Does the DNS resolve correctly?
$ dig +short AAAA aur.archlinux.org
2a01:4f9:c010:50::1
$ dig +short A aur.archlinux.org
95.216.144.15And this should be the certificate information that curl displays:
$ curl -vI https://aur.archlinux.org
...
* Server certificate:
* subject: CN=aur.archlinux.org
* start date: Sep 16 18:53:30 2020 GMT
* expire date: Dec 15 18:53:30 2020 GMT
* subjectAltName: host "aur.archlinux.org" matched cert's "aur.archlinux.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
...| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
#7 2020-10-19 06:42:16
- yuntan_t
- Member
- Registered: 2019-10-14
- Posts: 8
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
$ dig +short AAAA aur.archlinux.org
2a01:4f9:c010:50::1
$ dig +short A aur.archlinux.org
95.216.144.15
$ curl -vI https://aur.archlinux.org
* Trying 5.9.250.164:443...
* Connected to aur.archlinux.org (5.9.250.164) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.Offline
#8 2020-10-19 06:45:11
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,279
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
Why does curl try to connect to 5.9.250.164? Do you have a proxy set up or an entry in /etc/hosts?
As far as I know, that IP is not used by the AUR servers anymore.
Last edited by progandy (2020-10-19 06:50:01)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
#9 2020-10-19 06:55:42
- yuntan_t
- Member
- Registered: 2019-10-14
- Posts: 8
Re: x509: certificate has expired or is not yet valid at aur.archlinux.org
$ cat /etc/hosts
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
5.9.250.164 aur.archlinux.org
# End of fileRemoving a line solved the problem, but I don't remember why /etc/hosts modified. Thank you!
Offline