4 Čec
2016
4 Čec
'16
19:30
Hello,
Even if I force wget to accept your expired certificate I
can't get apt-get update to work when pointing to your servers. It has
been like this for a few days now.
Hit http://ftp.debian.org wheezy-updates/main Translation-en/DiffIndex
Err http://deb.knot-dns.cz wheezy/main amd64 Packages
301 Moved Permanently [IP: 217.31.192.140 80]
Ign http://deb.knot-dns.cz wheezy/main Translation-en
W: Failed to fetch
http://deb.knot-dns.cz/knot/dists/wheezy/main/binary-amd64/Packages 301
Moved Permanently [IP: 217.31.192.140 80]
E: Some index files failed to download. They have been ignored, or old
ones used instead.
Could someone have a look at this please?
DO you think that many users have just switched back to bind because of
this? or is it just me?
Regards,
Maren.
4 Čec
4 Čec
19:35
On Tue Jul 5 01:30:21 2016, Maren S. Leizaola wrote:
Hello,
Even if I force wget to accept your expired certificate I
can't get apt-get update to work when pointing to your servers. It has
been like this for a few days now.
Hit http://ftp.debian.org wheezy-updates/main Translation-en/DiffIndex
Err http://deb.knot-dns.cz wheezy/main amd64 Packages
301 Moved Permanently [IP: 217.31.192.140 80]
Ign http://deb.knot-dns.cz wheezy/main Translation-en
W: Failed to fetch
http://deb.knot-dns.cz/knot/dists/wheezy/main/binary-amd64/Packages 301
Moved Permanently [IP: 217.31.192.140 80]
E: Some index files failed to download. They have been ignored, or old
ones used instead.
Could someone have a look at this please?
DO you think that many users have just switched back to bind because of
this? or is it just me?
Hi,
Do you have the package to make apt able to fetch over HTTPS? (I forgot
the name, I don’t use debian so much)
--
alarig
20:01
Maren S. Leizaola wrote:
Hello,
Even if I force wget to accept your expired certificate I
can't get apt-get update to work when pointing to your servers. It has been
like this for a few days now.
For www.knot-dns.cz:443, I get the following certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1930293056481435 (0x6db975ff1a89b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Class 2 Primary Intermediate Server CA
Validity
Not Before: Mar 6 08:10:36 2015 GMT
Not After : Mar 6 08:13:13 2017 GMT
Subject: C=CZ, ST=Hlavni mesto Praha, L=Praha - Vinohrady, O=CZ.NIC, z.s.p.o.,
CN=www.knot-dns.cz/emailAddress=hostmaster(a)knot-dns.cz
For deb.knot-dns.cz:443, I get the following certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:e3:ba:a1:3f:f7:83:b7:e5:94:f4:97:db:42:e6:11:e4:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Jul 2 03:26:00 2016 GMT
Not After : Sep 30 03:26:00 2016 GMT
Subject: CN=deb.knot-dns.cz
Neither certificate is currently expired.
Hit http://ftp.debian.org wheezy-updates/main
Translation-en/DiffIndex
Err http://deb.knot-dns.cz wheezy/main amd64 Packages
301 Moved Permanently [IP: 217.31.192.140 80]
Ign http://deb.knot-dns.cz wheezy/main Translation-en
W: Failed to fetch
http://deb.knot-dns.cz/knot/dists/wheezy/main/binary-amd64/Packages 301
Moved Permanently [IP: 217.31.192.140 80]
E: Some index files failed to download. They have been ignored, or old ones
used instead.
Could someone have a look at this please?
The deb.knot-dns.cz:80 server performs a permanent HTTP redirect to the
equivalent HTTPS URL:
* Connected to deb.knot-dns.cz (2001:1488:ac15:ff90::140) port 80 (#0)
GET /knot/dists/wheezy/main/binary-amd64/Packages
HTTP/1.1
Host: deb.knot-dns.cz
User-Agent: curl/7.47.0
Accept: */*
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.6.2
< Date: Mon, 04 Jul 2016 17:47:13 GMT
< Content-Type: text/html
< Content-Length: 184
< Connection: keep-alive
< Location: https://deb.knot-dns.cz/knot/dists/wheezy/main/binary-amd64/Packages
The default HTTP(no s) transport for apt apparently can't follow a
redirect to an HTTPS location, at least in wheezy. Most likely the
apt-transport-https and ca-certificates packages need to be installed,
and the URL in the apt sources file changed from 'http' to 'https'.
However, if you browse to https://deb.knot-dns.cz/knot/dists/, there are
only “jessie” and “stretch“ distribution directories listed. According
to the Debian project, security support for “wheezy“ (aka “oldstable“)
has ended several months ago:
https://www.debian.org/News/2016/20160425
--
Robert Edmonds
edmonds(a)debian.org
2864
days inactive
2864
days old
2 comments
3 participants
participants (3)
-
Alarig Le Lay -
Maren S. Leizaola -
Robert Edmonds