For the last 24hrs I have the famous https://aur.manjaro.org/packages-meta-ext-v1.json.gz: Unacceptable TLS certificate
How do I fix this???
I have searched the forum, went through MASSIVE amount of posts, trying EVERYTHING suggested EXCEPT using third party software to download from AUR.
I installed Manjaro, I want to use the built in package manager for this.
EVERY other method of reaching https://aur.manjaro.org/packages-meta-ext-v1.json.gz works, whether its curl, wget, open it in firefex, WHATEVER, the webserver IS WORKING, PAMAC IS NOT (or the method pamac is communicating is not working).
I KNOW when this happened, and you can argue as much as you want that āpacman or pacman-mirrors has nothing to do with pamac or aurā, but EVERY TIME pamac breakts one way or another for me is if I update my mirror lists. THERE IS CLEAR CORRELATION BETWEEN THIS. Maybe not causation, but definitely correlation!
Now, HOW DO I FIX THIS???
I have been patiently waiting for this to āfix itselfā, waited more than 24h to install from aur. When will Manjaro fix this???
- Status: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded.
*** PKI verification of server certificate failed...
Full output:
gnutls-cli --tofu aur.manjaro.org ī² INT ā
Processed 161 CA certificate(s).
Resolving 'aur.manjaro.org:443'...
Connecting to '185.76.9.24:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `CN=1715854792.rsc.cdn77.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x037902608019ad1cf6f91d6a1178e5e96d8a, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-04-27 17:10:39 UTC', expires `2023-07-26 17:10:38 UTC', pin-sha256="b4v2TA3Z2hy8+5FpaaG2ChyVYtGDqxzNrqmatiuz5tk="
Public Key ID:
sha1:95a5354419f961be90fbe8fa1215006d0264d263
sha256:6f8bf64c0dd9da1cbcfb916969a1b60a1c9562d183ab1ccdaea99ab62bb3e6d9
Public Key PIN:
pin-sha256:b4v2TA3Z2hy8+5FpaaG2ChyVYtGDqxzNrqmatiuz5tk=
- Certificate[1] info:
- subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
- subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
|<1>| There is a newer OCSP response but was not provided by the server
- Status: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded.
*** PKI verification of server certificate failed...
- Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
- Session ID: 9F:37:A5:9C:3A:D1:0A:0D:1A:05:F7:B6:AE:84:7A:78:58:EC:30:4B:8F:90:03:EB:62:3D:20:A8:A0:EB:EA:0C
- Options: OCSP status request[ignored],
- Handshake was completed
- Simple Client Mode:
- Peer has closed the GnuTLS connection