First thought was “oh no, not again” but on closer inspection, the certificate in question has not expired, and is still current for some months yet. I can also visit the offending address with my browser no worries, its just pamac that thinks its unacceptable.
Is this a pamac bug, or is there some reason this certificate is unacceptable to pamac but not firefox? How do I troubleshoot this?
$ pamac upgrade
Preparing...
Synchronizing package databases...
https://aur.manjaro.org/packages-meta-ext-v1.json.gz: Unacceptable TLS certificate
Failed to synchronize AUR database
Cloning jellyfin build files...
Generating jellyfin-web information...
==> ERROR: PKGBUILD does not exist.
Error: Failed to prepare transaction: Failed to generate jellyfin-web information
Pamac and pacman both report all normal packages are just up to date, so its just a handful of AUR packages this affects for me. Per the tag, this is on the unstable branch.
Had the issue too today, did a force-refresh as suggested, nothing changed. Waited a few hours, tried again, failed again. Then, like @megavolt, tried for a second time and it finished normally. Not getting any PKGBUILD errors like you are, though.
Tried to run it again (third time) just to check and the error is back. No clue what’s going on here and not sure if it’s on my end if it sometimes works?
That package is build from a base, so its one PKGBUILD for multiple packages, and that seems to confuse Pamac. It was happy enough to install it in the first place, but not to update it. Workaround is straightforward, git clone and makepkg -si as per normal.
And, the issue is back again. Im starting to wonder whether it was truly fixed, or if it is simply intermittent for some odd reason. For that reason Ive removed the “solution” marking.
With curl it works reliable but wget also often doesn’t like the certificate (which always works with openssl).
Seems like server rate limiting (maybe based on user agent).
One would expect some-kind of different error code from the server instead of something with an “Unacceptable TLS certificate”…
I think whoever is in control of that server, should recheck the config, because this is nutz…
Most likely the error page delivered when such a rate limiting happens, is just using a bad certificate which should be updated.
(eg. contact the CDN owners)
There are many servers involved. The error message doesn’t tell much.
The client expects a certificate bit maybe the sever already killed the connection?
Or the CDN has different endpoints (the main reason for a CDN) and one of them serves an outdated certificate.
At least Manjaro (is that @philm) should contact the CDN and ask about what’s going on.
Their dashboard should show an increased error rate.
Still happening intermittently for me. Between this, and the bug in Pamac preventing updating any multi-package pkgbuild, I’m starting to use pamac less and less.
Quick reply to say that I’ve encountered this issue intermittently for at least a couple of weeks, maybe as much as 2 months. It happens across multiple Manjaro machines in my household. Using VPN does appear to have any effect.
Sometimes a second run works, sometimes not; force-refresh does not appear to help particularly.
A “me too” here having this error since today, but I must say that is the first time ever I have seen it!
And pamac --force-refresh or regenerating the mirror-pool doesn’t help at all either…
and gave the above command another try, and it went through without error.