Re: Getting SSL Certificate Verify failed Error while installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

some background from the user group meetup.
https://youtu.be/Vcxk0lFa2S8?t=3821

you can check your current openssl with
> openssl version
List all what the package manager as to offer:
> dnf --showduplicates list openssl

"works on my machine" cephadm on Rocky 9.6 OpenSSL 3.2.2 4.



On Wed, 30 Jul 2025 at 06:47, gagan tiwari <gagan.tiwari@xxxxxxxxxxxxxxxxxx>
wrote:

> HI  John,
>                       I did reinstall openssl pkg on the linux server and
> that seems to have worked and I am able to add squid repo.
>
> But while installing ceph-common pkg . I am getting below error :-
>
> cephadm install ceph-common
> Installing packages ['ceph-common']...
> Non-zero exit code 1 from yum install -y ceph-common
> yum: stdout Last metadata expiration check: 0:06:18 ago on Wednesday 30
> July 2025 10:09:50 AM.
> yum: stdout (try to add '--skip-broken' to skip uninstallable packages or
> '--nobest' to use not only best candidate packages)
> yum: stderr Error:
> yum: stderr  Problem: conflicting requests
> yum: stderr   - nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit)
> needed by ceph-common-2:19.2.3-0.el9.x86_64 from Ceph
> Traceback (most recent call last):
>   File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main
>     return _run_code(code, main_globals, None,
>   File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
>     exec(code, run_globals)
>   File "/usr/sbin/cephadm/__main__.py", line 5581, in <module>
>   File "/usr/sbin/cephadm/__main__.py", line 5569, in main
>   File "/usr/sbin/cephadm/__main__.py", line 4588, in command_install
>   File "/usr/sbin/cephadm/cephadmlib/packagers.py", line 458, in install
>   File "/usr/sbin/cephadm/cephadmlib/call_wrappers.py", line 307, in
> call_throws
> RuntimeError: Failed command: yum install -y ceph-common: Last metadata
> expiration check: 0:06:18 ago on Wednesday 30 July 2025 10:09:50 AM.
> (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to
> use not only best candidate packages)
>
> Thanks,
> Gagan
>
> On Wed, Jul 30, 2025 at 9:18 AM gagan tiwari <
> gagan.tiwari@xxxxxxxxxxxxxxxxxx> wrote:
>
> > HI John,
> >                       Yes. This command met with the same SSL Certificate
> > issue.  Here is output :-
> >
> >  python3 -c 'import urllib.request; print(len(urllib.request.urlopen("
> > https://download.ceph.com";).read()))'
> > Traceback (most recent call last):
> >   File "/usr/lib64/python3.9/urllib/request.py", line 1346, in do_open
> >     h.request(req.get_method(), req.selector, req.data, headers,
> >   File "/usr/lib64/python3.9/http/client.py", line 1285, in request
> >     self._send_request(method, url, body, headers, encode_chunked)
> >   File "/usr/lib64/python3.9/http/client.py", line 1331, in _send_request
> >     self.endheaders(body, encode_chunked=encode_chunked)
> >   File "/usr/lib64/python3.9/http/client.py", line 1280, in endheaders
> >     self._send_output(message_body, encode_chunked=encode_chunked)
> >   File "/usr/lib64/python3.9/http/client.py", line 1040, in _send_output
> >     self.send(msg)
> >   File "/usr/lib64/python3.9/http/client.py", line 980, in send
> >     self.connect()
> >   File "/usr/lib64/python3.9/http/client.py", line 1454, in connect
> >     self.sock = self._context.wrap_socket(self.sock,
> >   File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket
> >     return self.sslsocket_class._create(
> >   File "/usr/lib64/python3.9/ssl.py", line 1074, in _create
> >     self.do_handshake()
> >   File "/usr/lib64/python3.9/ssl.py", line 1343, in do_handshake
> >     self._sslobj.do_handshake()
> > ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]
> certificate
> > verify failed: unable to get local issuer certificate (_ssl.c:1147)
> >
> > During handling of the above exception, another exception occurred:
> >
> >
> > Please let me know how to get around this as I need to install Ceph
> > cluster at the earliest.
> >
> > Thanks,
> > Gagan
> >
> > On Tue, Jul 29, 2025 at 9:26 PM John Mulligan <
> > phlogistonjohn@xxxxxxxxxxxxx> wrote:
> >
> >> On Tuesday, July 29, 2025 10:50:06 AM Eastern Daylight Time gagan tiwari
> >> wrote:
> >> > Hi John,
> >> >                        Thanks for reply!
> >> >
> >> > curl seems to be working fine.  Here is output of the command :-
> >> >
> >> >  curl https://download.ceph.com
> >> > <html>
> >> > <head><title>Index of /</title></head>
> >> > <body>
> >> > <h1>Index of /</h1><hr><pre><a href="../">../</a>
> >> > <a href="archive/">archive/</a>
> >> > 13-Nov-2024 03:25                   -
> >> > <a href="calamari/">calamari/</a>
> >> >  29-Oct-2015 18:40                   -
> >> > <a href="ceph-iscsi/">ceph-iscsi/</a>
> >> >  22-May-2024 03:18                   -
> >> > <a href="cephmetrics/">cephmetrics/</a>
> >> >   29-Jun-2017 22:07                   -
> >> > <a href="cloudinit/">cloudinit/</a>
> >> > 11-Aug-2020 14:47                   -
> >> > <a href="debian-15.1.0/">debian-15.1.0/</a>
> >> >     13-Mar-2020 22:19                   -
> >> > <a href="debian-15.1.1/">debian-15.1.1/</a>
> >> >     13-Mar-2020 22:21                   -
> >> > <a href="debian-15.2.0/">debian-15.2.0/</a>
> >> >     23-Mar-2020 22:43                   -
> >> > <a href="debian-15.2.1/">debian-15.2.1/</a>
> >> >     09-Apr-2020 16:11                   -
> >> > <a href="debian-15.2.10/">debian-15.2.10/</a>
> >> >      18-Mar-2021 13:41                   -
> >> > <a href="debian-15.2.11/">debian-15.2.11/</a>
> >> >      19-Apr-2021 22:17                   -
> >> > <a href="debian-15.2.12/">debian-15.2.12/</a>
> >> >      13-May-2021 23:06                   -
> >> > <a href="debian-15.2.13/">debian-15.2.13/</a>
> >> >      26-May-2021 22:26                   -
> >> > <a href="debian-15.2.14/">debian-15.2.14/</a>
> >> >      05-Aug-2021 21:32                   -
> >> > <a href="debian-15.2.15/">debian-15.2.15/</a>
> >> >      20-Oct-2021 18:33                   -
> >> > <a href="debian-15.2.16/">debian-15.2.16/</a>
> >> >      01-Mar-2022 12:18                   -
> >> > <a href="debian-15.2.17/">debian-15.2.17/</a>
> >> >      09-Aug-2022 20:59
> >> >
> >> >
> >> > I have tried  to install the latest version of squid 19.2.3 and
> 19.2.2.
> >> > Facing the same SSL issue with both versions.
> >> >
> >> > Thanks,
> >> > Gagan
> >> >
> >>
> >> It dawns on me that curl might not be the best test as I think it can
> use
> >> a different cert bundle by default.
> >>
> >> Does this command fail the same way as cephadm?
> >> ```
> >> python3 -c 'import urllib.request; print(len(urllib.request.urlopen("
> >> https://download.ceph.com";).read()))'
> >> ```
> >>
> >>
> >> PS. Please keep the list CC'ed. We want others to be able to help as
> well
> >> and keep a record of what was discussed.
> >>
> >>
> >>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux