For the last 24hrs I have the famous
https://aur.manjaro.org/packages-meta-ext-v1.json.gz: Unacceptable TLS certificate
How do I fix this???
I have searched the forum, went through MASSIVE amount of posts, trying EVERYTHING suggested EXCEPT using third party software to download from AUR.
I installed Manjaro, I want to use the built in package manager for this.
EVERY other method of reaching https://aur.manjaro.org/packages-meta-ext-v1.json.gz works, whether its curl, wget, open it in firefex, WHATEVER, the webserver IS WORKING, PAMAC IS NOT (or the method pamac is communicating is not working).
I KNOW when this happened, and you can argue as much as you want that “pacman or pacman-mirrors has nothing to do with pamac or aur”, but EVERY TIME pamac breakts one way or another for me is if I update my mirror lists. THERE IS CLEAR CORRELATION BETWEEN THIS. Maybe not causation, but definitely correlation!
Now, HOW DO I FIX THIS???
I have been patiently waiting for this to “fix itself”, waited more than 24h to install from aur. When will Manjaro fix this???
- Status: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. *** PKI verification of server certificate failed...
gnutls-cli --tofu aur.manjaro.org INT ✘ Processed 161 CA certificate(s). Resolving 'aur.manjaro.org:443'... Connecting to '220.127.116.11:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate info: - subject `CN=1715854792.rsc.cdn77.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x037902608019ad1cf6f91d6a1178e5e96d8a, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-04-27 17:10:39 UTC', expires `2023-07-26 17:10:38 UTC', pin-sha256="b4v2TA3Z2hy8+5FpaaG2ChyVYtGDqxzNrqmatiuz5tk=" Public Key ID: sha1:95a5354419f961be90fbe8fa1215006d0264d263 sha256:6f8bf64c0dd9da1cbcfb916969a1b60a1c9562d183ab1ccdaea99ab62bb3e6d9 Public Key PIN: pin-sha256:b4v2TA3Z2hy8+5FpaaG2ChyVYtGDqxzNrqmatiuz5tk= - Certificate info: - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" - Certificate info: - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=" |<1>| There is a newer OCSP response but was not provided by the server - Status: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. *** PKI verification of server certificate failed... - Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM) - Session ID: 9F:37:A5:9C:3A:D1:0A:0D:1A:05:F7:B6:AE:84:7A:78:58:EC:30:4B:8F:90:03:EB:62:3D:20:A8:A0:EB:EA:0C - Options: OCSP status request[ignored], - Handshake was completed - Simple Client Mode: - Peer has closed the GnuTLS connection