You are not logged in.
- Topics: Active | Unanswered
#1 2025-03-18 10:09:08
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
[Solved] Can't connect to HTTPs servers in pacman
When running
pacman -SyuI get the error
error: failed retrieving file 'core.db' from geo.mirror.pkgbuild.com : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed retrieving file 'extra.db' from geo.mirror.pkgbuild.com : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed retrieving file 'multilib.db' from geo.mirror.pkgbuild.com : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
warning: too many errors from geo.mirror.pkgbuild.com, skipping for the remainder of this transaction
error: failed retrieving file 'extra.db' from ftpmirror.infania.net : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed retrieving file 'multilib.db' from ftpmirror.infania.net : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed retrieving file 'core.db' from ftpmirror.infania.net : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
warning: too many errors from ftpmirror.infania.net, skipping for the remainder of this transaction
Doing
--debug
Thing to noteworthy are. Note I have only included for core database as the result for extra and multilib is the same
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 79: including /etc/pacman.d/mirrorlist
...
debug: registering sync database 'core'
debug: database path for tree core set to /var/lib/pacman/sync/core.db
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
...
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 599) : missing PGP signature
debug: missing optional signature
debug: setting usage of 15 for core repository
debug: adding new server URL to database 'core': https://geo.mirror.pkgbuild.com/core/os/x86_64
debug: adding new server URL to database 'core': https://ftpmirror.infania.net/mirror/ar … /os/x86_64
debug: adding new server URL to database 'core': http://mirror.rackspace.com/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirror.rackspace.com/archlinux/core/os/x86_64
...
error: failed retrieving file 'core.db' from geo.mirror.pkgbuild.com : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
debug: core.db: retrying from https://ftpmirror.infania.net/mirror/ar … 64/core.db
debug: extra.db: curl returned result 77 from transfer
...
debug: core.db: curl returned result 0 from transfer
debug: core.db: response code 304
debug: core.db.sig: url is http://mirror.rackspace.com/archlinux/c … ore.db.sig
debug: core.db.sig: maxsize 16384
debug: core.db.sig: opened tempfile for download: /var/lib/pacman/sync/download-rdrjn7/core.db.sig.part (wb)
debug: core.db: file met time condition
...
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/core.db.sig could not be opened
debug: got error 43 at _alpm_gpgme_checksig (../lib/libalpm/signing.c: 599) : missing PGP signature
debug: missing optional signature
...
debug: unregistering database 'local
Solutions I have tried
1. Resyncing the clock
I have resyned the clock using
ntpd -qg
followed by
hwclock -w
Nothing changes
2.
# pacman -Sy --needed archlinux-keyring && pacman -Su
Nothing changes
3. Clear the cache
# paccache -r
Nothing changes
4. Resetting all the keys
Deleted
/etc/pacman.d/gnupg
. Then did
# pacman-key --init then followed by
# pacman-key --populate This result in some errors during repopulating the keys
==> Disabling revoked keys in keyring...
-> Disabled 48 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3 completes needed: 1 trust model: pgp5. Refresh the keys
This results in
gpg: error retrieving '<user>@<email address>' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving '<user>@archlinux.org' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: General error
For all keys
If I use servers that are HTTP I can install programs but I still get
error: failed retrieving file 'ntp-4.2.8.p18-2-x86_64.pkg.tar.zst' from geo.mirror.pkgbuild.com : error setting certificate file: /etc/ssl/certs/ca-certificates.crt
error: failed retrieving file 'ntp-4.2.8.p18-2-x86_64.pkg.tar.zst' from ftpmirror.infania.net : error setting certificate file: /etc/ssl/certs/ca-certificates.crtNote:
curl -o /dev/null -v www.archlinux.orgresults in
$ curl -o /dev/null -v www.archlinux.org
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Host www.archlinux.org:80 was resolved.
* IPv6: 2a01:4f9:c010:6b1f::1
* IPv4: 95.217.163.246
* Trying [2a01:4f9:c010:6b1f::1]:80...
* Trying 95.217.163.246:80...
* Connected to www.archlinux.org (2a01:4f9:c010:6b1f::1) port 80
* using HTTP/1.x
> GET / HTTP/1.1
> Host: www.archlinux.org
> User-Agent: curl/8.12.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Tue, 18 Mar 2025 10:14:54 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://www.archlinux.org/
<
{ [162 bytes data]
100 162 100 162 0 0 356 0 --:--:-- --:--:-- --:--:-- 356
* Connection #0 to host www.archlinux.org left intactbut
curl -o /dev/null -v https://mirror.rackspace.com/archlinux/core/os/x86_64/core.db
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Host mirror.rackspace.com:443 was resolved.
* IPv6: (none)
* IPv4: 180.150.156.88
* Trying 180.150.156.88:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* error setting certificate file: /etc/ssl/certs/ca-certificates.crt
* error setting certificate file: /etc/ssl/certs/ca-certificates.crt
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* closing connection #0
curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crtSame occurs for all HTTPs servers I have tested.
Last edited by Abhinav (2025-03-18 11:01:41)
Offline
#2 2025-03-18 10:13:51
- gromit
- Package Maintainer (PM)
- From: Germany
- Registered: 2024-02-10
- Posts: 1,147
- Website
Re: [Solved] Can't connect to HTTPs servers in pacman
Could you post the outputs of "ls -l /etc/ssl/certs/ca-certificates.crt" aswell as "pacman -Qqo /etc/ssl/certs/ca-certificates.crt"?
Offline
#3 2025-03-18 10:20:12
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
ls -l /etc/ssl/certs/ca-certificates.crt results in
lrwxrwxrwx 1 root root 49 Jun 19 2024 /etc/ssl/certs/ca-certificates.crt -> ../../ca-certificates/extracted/tls-ca-bundle.pem Note: Both files are empty
$ pacman -Qqo /etc/ssl/certs/ca-certificates.crt
ca-certificates-utilsAlso
$ pacman -Qi ca-certificates-utils
Name : ca-certificates-utils
Version : 20240618-1
Description : Common CA certificates (utilities)
Architecture : any
URL : https://src.fedoraproject.org/rpms/ca-certificates
Licenses : GPL-2.0-or-later
Groups : None
Provides : ca-certificates ca-certificates-java
Depends On : bash coreutils findutils p11-kit
Optional Deps : None
Required By : curl jdk-openjdk jdk11-openjdk jre8-openjdk-headless neon python-certifi python-requests qca-qt5 qca-qt6
Optional For : lib32-openssl openssl wget
Conflicts With : ca-certificates-java
Replaces : ca-certificates-java
Installed Size : 13.63 KiB
Packager : Jan Alexander Steffens (heftig) <heftig@archlinux.org>
Build Date : Wed 19 Jun 2024 12:21:40 AM +0545
Install Date : Thu 27 Feb 2025 10:01:17 PM +0545
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : SignatureLast edited by Abhinav (2025-03-18 10:25:55)
Offline
#4 2025-03-18 10:37:21
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,269
- Website
Re: [Solved] Can't connect to HTTPs servers in pacman
# pacman -Qikk ca-certificates-utilsShould yield
ca-certificates-utils: 33 total files, 0 altered filesEdit: The files sure should not be empty. Try reinstalling said package.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#5 2025-03-18 10:43:36
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
ca-certificates-utils: 33 total files, 0 altered files
Before reinstalling:
ca-certificates-utils: 33 total files, 0 altered filesAfter reinstalling:
ca-certificates-utils: 33 total files, 0 altered filesStill doesn't work running
# pacman -SyuSame error
Also
cat /etc/ca-certificates/extracted/tls-ca-bundle.pem The file is still empty
Last edited by Abhinav (2025-03-18 10:45:53)
Offline
#6 2025-03-18 10:50:19
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,269
- Website
Re: [Solved] Can't connect to HTTPs servers in pacman
# /usr/bin/update-ca-trustStill empty after that?
# pacman -Qikk ca-certificates-mozillaAnd reinstall if broken.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#7 2025-03-18 10:58:12
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
# /usr/bin/update-ca-trustStill empty after that?
Yes, it is still empty.
Running
update-ca-trust -o ~/keysand checking the files
only
java-cacerts.jkshas data in it other all files are empty.
I don't have ca-certificates-mozilla should I install it?
Offline
#8 2025-03-18 10:59:33
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
Installing ca-certificates-mozilla fixed everything.
Thank you
Offline
#9 2025-03-18 12:27:11
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,269
- Website
Re: [Solved] Can't connect to HTTPs servers in pacman
Great. You should also check, that you have the meta packet ca-certificates installed, which currently defaults to pulling in ca-certificates-mozilla.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#10 2025-03-19 10:58:04
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
Was not installed I installed it.
Offline
#11 2025-03-19 11:01:30
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,777
Re: [Solved] Can't connect to HTTPs servers in pacman
Was not installed I installed it.
How? It's required by curl, which is required by pacman.
Offline
#12 2025-03-19 11:26:42
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 2,269
- Website
Re: [Solved] Can't connect to HTTPs servers in pacman
Maybe like this:
~> pacman -Rncs ca-certificates-mozilla
checking dependencies...
:: lib32-openssl optionally requires ca-certificates
:: openssl optionally requires ca-certificates
:: wget optionally requires ca-certificates: HTTPS downloads
Packages (2) ca-certificates-20240618-1 ca-certificates-mozilla-3.109-1
Total Removed Size: 1.04 MiB
:: Do you want to remove these packages? [Y/n]
:: Processing package changes...
(1/2) removing ca-certificates [########################################] 100%
(2/2) removing ca-certificates-mozilla [########################################] 100%
:: Running post-transaction hooks...
(1/2) Arming ConditionNeedsUpdate...
(2/2) Rebuilding certificate stores...
~> pacman -Qi curl
Name : curl
Version : 8.12.1-1
Description : command line tool and library for transferring data with URLs
Architecture : x86_64
URL : https://curl.se/
Licenses : MIT
Groups : None
Provides : libcurl.so=4-64
Depends On : ca-certificates brotli libbrotlidec.so=1-64 krb5 libgssapi_krb5.so=2-64 libidn2 libidn2.so=0-64
libnghttp2 libnghttp2.so=14-64 libnghttp3 libnghttp3.so=9-64 libpsl libpsl.so=5-64 libssh2
libssh2.so=1-64 zlib libz.so=1-64 zstd libzstd.so=1-64 openssl libcrypto.so=3-64
libssl.so=3-64
Optional Deps : None
Required By : clamav devtools git lib32-curl libelf pacman php php-legacy rust tpm2-tss
Optional For : mariadb nextcloud pciutils systemd
Conflicts With : None
Replaces : None
Installed Size : 1998.51 KiB
Packager : Christian Hesse <eworm@archlinux.org>
Build Date : Thu Feb 13 08:30:39 2025
Install Date : Fri Feb 14 23:29:21 2025
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
~> 03/19/2025 12:26:14 PMI'm not sure whether this is supposed to happen, though.
Looks like a bug in pacman's recursive resolver.
#allanbrokeit
Nope:
~> pacman -Qi ca-certificates
Name : ca-certificates-utils
Version : 20240618-1
Description : Common CA certificates (utilities)
Architecture : any
URL : https://src.fedoraproject.org/rpms/ca-certificates
Licenses : GPL-2.0-or-later
Groups : None
Provides : ca-certificates ca-certificates-java
Depends On : bash coreutils findutils p11-kit
Optional Deps : None
Required By : certbot curl jre-openjdk jre21-openjdk-headless python-requests
Optional For : lib32-openssl openssl wget
Conflicts With : ca-certificates-java
Replaces : ca-certificates-java
Installed Size : 13.63 KiB
Packager : Jan Alexander Steffens (heftig) <heftig@archlinux.org>
Build Date : Tue Jun 18 20:36:40 2024
Install Date : Thu Jun 20 21:38:29 2024
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signatureca-certificates-utils also provides ca-certificates. Hence you can remove the actual certificates provided by the -mozilla package and the meta-package respectively.
Looks more like borked packaging.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
#13 2025-03-19 17:46:20
- Abhinav
- Member
- Registered: 2025-03-18
- Posts: 8
Re: [Solved] Can't connect to HTTPs servers in pacman
Maybe but one possible alternative could be I was running
ml4w-hyprland-setupThen I SIGINT.
After that this bug occurred next time I did a
yay -Syu.
Maybe that did something cause I interrupted the script at a specific time.
EDIT:
I just checked
/var/log/pacman.logand I am pretty sure this is what happened.
[2025-03-18T13:33:13+0545] [ALPM] transaction started
[2025-03-18T13:33:13+0545] [ALPM] removed wlogout-debug (1.2.2-0)
[2025-03-18T13:33:13+0545] [ALPM] removed scdoc (1.11.3-1)
[2025-03-18T13:33:13+0545] [ALPM] removed python-poetry-core (2.1.1-1)
[2025-03-18T13:33:13+0545] [ALPM] removed python-lark-parser (1.2.2-3)
[2025-03-18T13:33:13+0545] [ALPM] removed python-installer (0.7.0-10)
[2025-03-18T13:33:13+0545] [ALPM] removed python-hatchling (1.27.0-1)
[2025-03-18T13:33:13+0545] [ALPM] removed python-trove-classifiers (2025.3.3.18-1)
[2025-03-18T13:33:13+0545] [ALPM] removed python-pluggy (1.5.0-3)
[2025-03-18T13:33:13+0545] [ALPM] removed python-pathspec (0.12.1-3)
[2025-03-18T13:33:13+0545] [ALPM] removed python-editables (0.5-5)
[2025-03-18T13:33:13+0545] [ALPM] removed python-build (1.2.2-3)
[2025-03-18T13:33:13+0545] [ALPM] removed python-pyproject-hooks (1.2.0-3)
[2025-03-18T13:33:13+0545] [ALPM] removed pulse-native-provider (1:1.4.1-1)
[2025-03-18T13:33:13+0545] [ALPM] removed pacseek-debug (1.8.5-1)
[2025-03-18T13:33:13+0545] [ALPM] removed oh-my-posh-bin-debug (25.4.3-1)
[2025-03-18T13:33:13+0545] [ALPM] removed moar-debug (1.31.4-2)
[2025-03-18T13:33:13+0545] [ALPM] removed meson (1.7.0-1)
[2025-03-18T13:33:13+0545] [ALPM] removed python-tqdm (4.67.1-2)
[2025-03-18T13:33:13+0545] [ALPM] removed ninja (1.12.1-2)
[2025-03-18T13:33:13+0545] [ALPM] removed dbus-units (36-4)
[2025-03-18T13:33:13+0545] [ALPM] removed ca-certificates (20240618-1)
[2025-03-18T13:33:13+0545] [ALPM] removed ca-certificates-mozilla (3.109-1)
[2025-03-18T13:33:13+0545] [ALPM] transaction completedThen I reinstalled at
[2025-03-18T16:41:56+0545] [PACMAN] Running 'pacman -S ca-certificates-mozilla'Other packages it removed in the same transaction are also deleted.
Last edited by Abhinav (2025-03-19 18:04:08)
Offline