How to fix Fedora 25 dnf upgrade “certificate expired” failure

After logging on a Fedora 25 system I didn’t log for a while, I ran dnf clean all ; dnf upgrade to update it, but I ran into this problem:

# dnf -vvvv -d 5 upgrade
cachedir: /var/cache/dnf
Loaded plugins: playground, builddep, config-manager, debuginfo-install, generate_completion_cache, needs-restarting, copr, protected_packages, noroot, download, Query, reposync
DNF version: 1.1.10
Cannot download 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f25&arch=x86_64 [Peer's Certificate has expired.].
Errore: Failed to synchronize cache for repo 'updates'

The certificates expired and dnf refuses to work. To update the certificates, I simply installed with rpm the packages ca-certificates, p11-kit, p11-kit-trust, openssl and openssl-libs from the distro upgrades.

# rpm -Uvh http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/c/ca-certificates-2017.2.11-1.1.fc25.noarch.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/p/p11-kit-0.23.2-3.fc25.x86_64.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/p/p11-kit-trust-0.23.2-3.fc25.x86_64.rpm \
http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/o/openssl-1.0.2k-1.fc25.x86_64.rpm \ http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/updates/25/x86_64/o/openssl-libs-1.0.2k-1.fc25.x86_64.rpm
# dnf upgrade
Fedora 25 - x86_64 - Updates  
Fedora 25 - x86_64
Ultima verifica della scadenza dei metadati: 0:00:19 fa il Mon Apr 17 13:47:09 2017.
[...]

You might have to find the latest version by browsing around your favourite Fedora mirror (you can find the base url in /etc/yum.repos.d/fedora-updates.repo).

Some links worth reading:

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s