HI John,
I did reinstall openssl pkg on the linux server and
that seems to have worked and I am able to add squid repo.
But while installing ceph-common pkg . I am getting below error :-
cephadm install ceph-common
Installing packages ['ceph-common']...
Non-zero exit code 1 from yum install -y ceph-common
yum: stdout Last metadata expiration check: 0:06:18 ago on Wednesday 30
July 2025 10:09:50 AM.
yum: stdout (try to add '--skip-broken' to skip uninstallable packages or
'--nobest' to use not only best candidate packages)
yum: stderr Error:
yum: stderr Problem: conflicting requests
yum: stderr - nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit)
needed by ceph-common-2:19.2.3-0.el9.x86_64 from Ceph
Traceback (most recent call last):
File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/usr/sbin/cephadm/__main__.py", line 5581, in <module>
File "/usr/sbin/cephadm/__main__.py", line 5569, in main
File "/usr/sbin/cephadm/__main__.py", line 4588, in command_install
File "/usr/sbin/cephadm/cephadmlib/packagers.py", line 458, in install
File "/usr/sbin/cephadm/cephadmlib/call_wrappers.py", line 307, in
call_throws
RuntimeError: Failed command: yum install -y ceph-common: Last metadata
expiration check: 0:06:18 ago on Wednesday 30 July 2025 10:09:50 AM.
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to
use not only best candidate packages)
Thanks,
Gagan
On Wed, Jul 30, 2025 at 9:18 AM gagan tiwari <
gagan.tiwari@xxxxxxxxxxxxxxxxxx> wrote:
> HI John,
> Yes. This command met with the same SSL Certificate
> issue. Here is output :-
>
> python3 -c 'import urllib.request; print(len(urllib.request.urlopen("
> https://download.ceph.com";).read()))'
> Traceback (most recent call last):
> File "/usr/lib64/python3.9/urllib/request.py", line 1346, in do_open
> h.request(req.get_method(), req.selector, req.data, headers,
> File "/usr/lib64/python3.9/http/client.py", line 1285, in request
> self._send_request(method, url, body, headers, encode_chunked)
> File "/usr/lib64/python3.9/http/client.py", line 1331, in _send_request
> self.endheaders(body, encode_chunked=encode_chunked)
> File "/usr/lib64/python3.9/http/client.py", line 1280, in endheaders
> self._send_output(message_body, encode_chunked=encode_chunked)
> File "/usr/lib64/python3.9/http/client.py", line 1040, in _send_output
> self.send(msg)
> File "/usr/lib64/python3.9/http/client.py", line 980, in send
> self.connect()
> File "/usr/lib64/python3.9/http/client.py", line 1454, in connect
> self.sock = self._context.wrap_socket(self.sock,
> File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket
> return self.sslsocket_class._create(
> File "/usr/lib64/python3.9/ssl.py", line 1074, in _create
> self.do_handshake()
> File "/usr/lib64/python3.9/ssl.py", line 1343, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
> verify failed: unable to get local issuer certificate (_ssl.c:1147)
>
> During handling of the above exception, another exception occurred:
>
>
> Please let me know how to get around this as I need to install Ceph
> cluster at the earliest.
>
> Thanks,
> Gagan
>
> On Tue, Jul 29, 2025 at 9:26 PM John Mulligan <
> phlogistonjohn@xxxxxxxxxxxxx> wrote:
>
>> On Tuesday, July 29, 2025 10:50:06 AM Eastern Daylight Time gagan tiwari
>> wrote:
>> > Hi John,
>> > Thanks for reply!
>> >
>> > curl seems to be working fine. Here is output of the command :-
>> >
>> > curl https://download.ceph.com
>> > <html>
>> > <head><title>Index of /</title></head>
>> > <body>
>> > <h1>Index of /</h1><hr><pre><a href="../">../</a>
>> > <a href="archive/">archive/</a>
>> > 13-Nov-2024 03:25 -
>> > <a href="calamari/">calamari/</a>
>> > 29-Oct-2015 18:40 -
>> > <a href="ceph-iscsi/">ceph-iscsi/</a>
>> > 22-May-2024 03:18 -
>> > <a href="cephmetrics/">cephmetrics/</a>
>> > 29-Jun-2017 22:07 -
>> > <a href="cloudinit/">cloudinit/</a>
>> > 11-Aug-2020 14:47 -
>> > <a href="debian-15.1.0/">debian-15.1.0/</a>
>> > 13-Mar-2020 22:19 -
>> > <a href="debian-15.1.1/">debian-15.1.1/</a>
>> > 13-Mar-2020 22:21 -
>> > <a href="debian-15.2.0/">debian-15.2.0/</a>
>> > 23-Mar-2020 22:43 -
>> > <a href="debian-15.2.1/">debian-15.2.1/</a>
>> > 09-Apr-2020 16:11 -
>> > <a href="debian-15.2.10/">debian-15.2.10/</a>
>> > 18-Mar-2021 13:41 -
>> > <a href="debian-15.2.11/">debian-15.2.11/</a>
>> > 19-Apr-2021 22:17 -
>> > <a href="debian-15.2.12/">debian-15.2.12/</a>
>> > 13-May-2021 23:06 -
>> > <a href="debian-15.2.13/">debian-15.2.13/</a>
>> > 26-May-2021 22:26 -
>> > <a href="debian-15.2.14/">debian-15.2.14/</a>
>> > 05-Aug-2021 21:32 -
>> > <a href="debian-15.2.15/">debian-15.2.15/</a>
>> > 20-Oct-2021 18:33 -
>> > <a href="debian-15.2.16/">debian-15.2.16/</a>
>> > 01-Mar-2022 12:18 -
>> > <a href="debian-15.2.17/">debian-15.2.17/</a>
>> > 09-Aug-2022 20:59
>> >
>> >
>> > I have tried to install the latest version of squid 19.2.3 and 19.2.2.
>> > Facing the same SSL issue with both versions.
>> >
>> > Thanks,
>> > Gagan
>> >
>>
>> It dawns on me that curl might not be the best test as I think it can use
>> a different cert bundle by default.
>>
>> Does this command fail the same way as cephadm?
>> ```
>> python3 -c 'import urllib.request; print(len(urllib.request.urlopen("
>> https://download.ceph.com";).read()))'
>> ```
>>
>>
>> PS. Please keep the list CC'ed. We want others to be able to help as well
>> and keep a record of what was discussed.
>>
>>
>>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
