Pamac fails to synchronise due unacceptable TLS certificate

No need to tell me to be patient, I know that It will update sooner or later… As matter of fact, it just did.
I was just replying to the request of @philm to let the team know if this issue is solved or not:

Hi, you can use the following command :

gnutls-cli --tofu


Processed 159 CA certificate(s).
Resolving ''...
Connecting to '2a02:6ea0:c900::10:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x04d5f8629c5f36e95639a4888de7eef5acec, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2023-02-16 13:00:05 UTC', expires `2023-05-17 13:00:04 UTC', pin-sha256="wWjxTRsdI+HGgYasYZwhHHl2xIdgRXqLsi6IF1zGeFg="
	Public Key ID:
	Public Key PIN:

- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial 0x00912b084acf0c18a753f6d62e25a75f5a, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0="
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x4001772137d4e942b8ee76aa3c640ab7, RSA key 4096 bits, signed using RSA-SHA256, activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC', pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
|<1>| There is a newer OCSP response but was not provided by the server
- Status: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. 
*** PKI verification of server certificate failed...
Host (https) has never been contacted before.
Its certificate is valid for
Are you sure you want to trust it? (y/N): y

just :

The revocation or OCSP data are old and have been superseded. 

or be patient

I was also having this problem and I tried the various suggestions on this thread but none worked. I then tried to su as root and run the command and that worked so maybe someone else could try that and see if it resolves the issue.

pamac update

Happened here in testing and unstable. Noticed no problem in stable.

> cp: cannot create regular file '/var/tmp/pamac/dbs/sync/core.db': Permission denied                                                         
> cp: cannot create regular file '/var/tmp/pamac/dbs/sync/extra.db': Permission denied

command: pamac update --aur

I had that the other day on stable, I solved it by running sudo pacman -Syyu and then pamac upgrade -a

This specific error is only an issue when you have the option for checking AUR script updates in Pamac.

It does not matter what your branch is - the aur database is the same.

Avoid the issue all-together by disabling the Pamac AUR check


It is well known that combining the system update with an AUR rebuild may and likely will cause serious headaches. Just search the forum - there is countless issues on this.

Use a helper script like [root tip] [HowTo] Check if your AUR build scripts have been updated

The intro to that post has had me confused for a long time, I’m not a programmer, I only know what I have learned through my way, but I interpret this as if you are on stable branch you should never use aur. Or am I missing something here??

if [[ $(pacman-mirrors -G) == 'stable' ]]; then echo 'AUR is a no-go'; else echo 'OK - go ahead'; fi

AUR is package recipies - in fact they are shell scripts with certain assumptions with relation to the system on which the recipe is executed.

And it is well known that Manjaro stable does not match Arch stable - which is why the recommendation from many experienced members is this:

If you want to use AUR switch to unstable branch - otherwise watchout - there be :dragon_face: :dragon_face: :dragon_face:

If you want to sail around Tierra del Fuego - in a manner of speaking - unstable branch is the only fit for using AUR.


LMAO! <3

I don’t know if this will work for everyone, but I had exactly the same issue:

$ pamac upgrade
Synchronizing package databases... Unacceptable TLS certificate
Failed to synchronize AUR database

and updating all the keys fixed it:

$ sudo pacman-key --init
$ sudo pacman-key --populate archlinux manjaro
$ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
$ sudo pacman-key --refresh-keys
$ sudo pacman -Syu

No, that’s wrong and was a coincidence. There is no connection between pacman and the AUR.

it’s a random error (depends on the server’s availability)

as a test, I made a script that uses the same library as pamac and sometimes errors, sometimes ok :sob:
For me, out of 10 attempts, it’s okay 7 to 8 times.

1 Like

The error Unacceptable TLS certificate happened to me today 06-25-23 and I could fix it by running sudo pacman -S ca-certificates as you suggested.

Thank you for your help!

That’s not a solution, it’s a coincidence.

The error is server-side. Can we delete these false solutions?

1 Like

Ever heard of the placebo effect?

After that incident, where that link comes from, I started using the scipt suggested earlier (link below) instead, and it works. Got informed by it the other day that Spotify needed to be updated so I ran:

pamac upgrade && pamac build $(

I only run pamac upgrade now. or sudo pacman -Syu unless informed by the script.
Pretty great and no more weird pamac errors.

Yes, you’re right, it was just a coincidence :sob:

I got TLS error today with pamac -aur. I used yay to rebuild as per instructions in the other 2 similar topics.

yay -Sua

Each time I use Pamac I get: Unacceptable TLS certificate

Is using the search engine THAT hard? There are 39 topics about that problem. At least 2-3 of them give workaround. Including this one, with solution directly above your post.
Turn off aur updates in pamac, update from repos normally. Install yay. Use the linus-arhus shell script or just

yay -Quaq

To check for aur updates. If there are any, update with

yay -Sua

No one will trust a random script posted by an unknown person on a discussion forum. It’s frustrating to reinstall the whole system and reconfigure it again, that’s why I only trust solutions in posts from official persons like @philm