Hey EPEL users,
First, apologies if I'm sending this to the wrong list, first time sending to a Fedora list.
Recently I ran into a problem with using EPEL on Centos (release 6.7 Final on OpenStack), I have been getting "Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again". Being a sysadmin my first point of call was to google it and hey presto, it seems to be a HTTPS issue.
So I updated the ca-certificates package as recommended (updated to Version : 2015.2.6, Release : 65.0.1.el6_7) and sadly this has had no effect, even after running clean all and makecache. Digging a bit deeper I ran a openssl check [1] (openssl s_client -connect mirrors.fedoraproject.org:443) and it shows what I expected and making a call to the mirror list via call succeeds with no certificate errors.
I'm now stuck on what to do and would prefer not to change it to HTTP or add "verifyssl=false", would anyone be able to point me in the right direction to fix this?
Kind regards,
Liam Haworth.
[1] http://pastebin.com/U541yUpR
On 28 April 2016 at 20:04, Liam Haworth liam.haworth@bluereef.com.au wrote:
Hey EPEL users,
First, apologies if I'm sending this to the wrong list, first time sending to a Fedora list.
Recently I ran into a problem with using EPEL on Centos (release 6.7 Final on OpenStack), I have been getting "Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again". Being a sysadmin my first point of call was to google it and hey presto, it seems to be a HTTPS issue.
OK there can be several reasons this occurred. One is that there is a hidden proxy or network security tool in between you and the mirror server. The second is that the config is not the Fedora EPEL one but is provided by someone else and sort of kind of works
[epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo] name=Extra Packages for Enterprise Linux 6 - $basearch - Debug #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basea... failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 gpgcheck=1
[epel-source] name=Extra Packages for Enterprise Linux 6 - $basearch - Source #baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$base... failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 gpgcheck=1
I just tested this above and it works without errors.
So I updated the ca-certificates package as recommended (updated to Version : 2015.2.6, Release : 65.0.1.el6_7) and sadly this has had no effect, even after running clean all and makecache. Digging a bit deeper I ran a openssl check [1] (openssl s_client -connect mirrors.fedoraproject.org:443) and it shows what I expected and making a call to the mirror list via call succeeds with no certificate errors.
I'm now stuck on what to do and would prefer not to change it to HTTP or add "verifyssl=false", would anyone be able to point me in the right direction to fix this?
Kind regards,
Liam Haworth.
[1] http://pastebin.com/U541yUpR
Liam Haworth | Junior Software Engineer | www.bluereef.com.au _________________________________________________________________ T: +61 3 9898 8000 | F: +61 3 9898 8055
epel-users mailing list epel-users@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/epel-users@lists.fedoraproject.or...
epel-users@lists.fedoraproject.org