Again problems with the certificates of the mirror servers

When updating the mirror for Germany, I have been getting the following error messages for some time now:

::ERROR [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123) 'https://mirror.atysleaks.org/manjaro/'

::ERROR [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123) 'https://mirror.atysleaks.org/manjaro/'

I then reset everything with sudo pacman-mirrors -c all and then again with

sudo pacman-mirrors --country Germany --api --protocol https && sudo pacman -Syyu

selected my mirror servers. Always the same messages and also not the usual number of servers.

What can I do?

Switch to a mirror which does not have those issues :wink:

sudo pacman-mirrors -c Germany -i

Just select one or two…

Btw there is currently an issue with the repo list as well (outdated). I assume pacman-mirros is using that one…

Btw. I just see mirror.atysleaks.org. I think that one is hosted by @megavolt

1 Like

Thanks for poking me… I renewed the certs… I forgot to create a cronjob for this xD

1 Like

Normally certbot would do that automagically for you with some systemd service.

Yepp, true. But i had to add a systemd timer and service. This is not done automatically.

Cheers :beers:

The runtime mirror list is created from the custom mirrorlist if it exists or the default pool.
The custom mirror list is created from the default pool.

  • runtime mirror list: /etc/pacman.d/mirrorlist
  • custom mirror: /var/lib/pacman-mirrors/cutom-mirrors.json
  • default pool: /var/lib/pacman-mirrors/status.json (same as https://repo.manjaro.org/)

In theory, if a user runs pacman-mirrors -f before pacman -Syyu they should, in most cases, get a reliable repository. imho, it doesn’t make sense to run the systemd timer pamac-mirrorlist because the state of those runtime mirrors may change before you actually run the update.

The thing is also, now if you create a custom list with -c Germany for example, it will not generate a proper list: The status file (https://repo.manjaro.org/status.json) that is being used by pacman-mirrors is outdated. Same goes for the status page itself.

image

It has not been refreshed since the 6th of March. pacman-mirrors will only list those that were up-to-date for your branch at that point in time (unless they were all outdated, then you’d get the full list. e.g. France).

For Germany for example in the unstable branch you only see two mirrors being up-to date although in reality it is more than those…

I personally don’t care because I just use a single mirror and I know it’s up-to-date.
But that status stuff will sooner or later lead to some confusion for some Manjaro users.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.