-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate Error for Repo brave-browser-apt-release.s3.brave.com #7658
Comments
Strange, I just updated my browser successfully using the apt repo.
This suggests you're trying to access the repo over IPv6. However, from my machine, I can't see an IPv6 for that hostname:
There seems to be something wrong with DNS somewhere. I don't think you're connecting to the right server. Can you try forcing one of the IPv4 addresses for that hostname in your e.g. |
Looks like OpenDNS blocked the IP that brave-browser-apt-release.s3.brave.com resolved to for me:
Using the IP you provided allowed me to update. |
Ah yes, OpenDNS mistakenly blocked us yesterday: https://www.reddit.com/r/BATProject/comments/ela2o0/bravecom_sites_being_blocked_by_opendns/ They have apparently rolled out a fix on their end, but DNS caching being what it is, it might take another day to clear up. |
@jsandiego Is this still an issue for you? |
My DNS no longer resolves to the IP address that was giving me the issue, so it is no longer an issue for me. |
Closing, reopen if necessary. |
Hi there, I am seeing this error messageagain, running Linux Mint 22.02. Don't know whether it is a same issue on OpenDNS. Is there a ticket opened / reopned. I am using Public Library network, and was able to upgrade brave browser before without any issue until couple weeks ago.. Hit:1 http://mirror.math.ucdavis.edu/ubuntu focal InRelease cat /etc/hosts The following lines are desirable for IPv6 capable hosts::1 ip6-localhost ip6-loopback $ dig AAAA brave-browser-apt-release.s3.brave.com ; <<>> DiG 9.16.1-Ubuntu <<>> AAAA brave-browser-apt-release.s3.brave.com ;; OPT PSEUDOSECTION: ;; ANSWER SECTION: ;; Query time: 48 msec Thank you |
@cdphan there are no images for Mint 22 at hub.docker.com, but in a Mint 21 container the instructions from brave.com/linux appear to be working fine. Could this be a local issue? Have you tried following the official installation instructions again? Is the system clock set up correctly? Does reinstalling ca-certificates change anything? |
@cdphan, I just came across the same problem in LM 21.2 ( i assume your 22.02 was a typo as LM 22 isn't out yet) on a public library wifi. Switching to data changed the error message from the same as the OP to a Notification: N: Skipping acquisition of configured file 'main/binary-i386/Packages', as repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' doesn't support architecture 'i386' Which i solved by changing my /etc/apt/sources.list.d/brave-browser-release.list to specify ARM64 architecture as i have a 64bit machine and i386 is 32 bit, so my brave-browser-release.list now looks like: deb [arch=amd64 signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main I'm not sure if the i386 architecture bit is related but i thought i would include all my steps incase it was a compound of problems. My knowledge is limited so i don't pretend to understand the whole picture. Summary: if on LM22 on public wifi, try changing from public Wifi, If you are getting 'i386' notification then edit the apt source list file as above. Useful link to take you through that step by step is: https://itsfoss.com/repository-doesnt-support-architecture-i386/ |
@GuiltySpark7 I'm afraid I can't reproduce any of the issues by following the instructions from brave.com/linux in a Issues specific to a network would be best discussed with its maintainer. If you share the output of As for the architecture - I also didn't run into this. Per https://wiki.debian.org/Multiarch/HOWTO, you can check your currently selected architecture with |
@wknapik impressively fast reply. Sorry I should have been more clear, I solved my problem and wanted to share my solution as my problem lead me to this thread and reading cdphans post I was not the first so I reckoned I wouldn't be the last. It might be a simple solution of changing network for many who visit and I wanted to deflect them from a potentially unnecessary rabbit hole (that I went down). I understand that a conversation with the library network maintainer might help but this is clearly a common problem and also good luck finding such a person, I am in a van, outside a library which is opened 3 hours a week 9-12 on a Friday xD I think the architecture was a default problem thing twith changing folders that is explained in https://itsfoss.com/repository-doesnt-support-architecture-i386/ If you are still interested running your command connected to Library Wifi after the amd64 fix:
|
@GuiltySpark7 the s_client outputs you shared for the library network and your phone are identical. They're also different to what I'm getting. You seem to be getting a certificate issued by Fortinet, while one issued by Amazon would be expected. I'm guessing the outputs being the same on both networks might be a copy/paste mistake? In any case, it seems like either some local configuration is causing this (perhaps a custom DNS, or VPN), or the network administrator might be doing something unusual. The IPs brave-browser-apt-release.s3.brave.com resolves to are not static, but it should look something like this % host brave-browser-apt-release.s3.brave.com
brave-browser-apt-release.s3.brave.com is an alias for d9owkidwx4k9e.cloudfront.net.
d9owkidwx4k9e.cloudfront.net has address 18.172.170.35
d9owkidwx4k9e.cloudfront.net has address 18.172.170.34
d9owkidwx4k9e.cloudfront.net has address 18.172.170.73
d9owkidwx4k9e.cloudfront.net has address 18.172.170.41
% If it doesn't for you, that would confirm my speculation above. |
@wknapik Ahh yes you are right, a copy and paste error, sorry not sure how i managed that. when I am on phone data and able to update fine, I get a certificate from amazon Certificate from amazon (update working)CONNECTED(00000003) depth=2 C = US, O = Amazon, CN = Amazon Root CA 1 verify return:1 depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02 verify return:1 depth=0 CN = brave-browser-apt-release.s3.brave.com verify return:1 --- Certificate chain 0 s:CN = brave-browser-apt-release.s3.brave.com i:C = US, O = Amazon, CN = Amazon RSA 2048 M02 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 3 00:00:00 2023 GMT; NotAfter: Jul 1 23:59:59 2024 GMT -----BEGIN CERTIFICATE----- MIIF+DCCBOCgAwIBAgIQDv5kAkwyOEikZVRtqwKFtDANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAyMB4XDTIzMDYwMzAwMDAwMFoXDTI0MDcwMTIzNTk1OVowMTEv MC0GA1UEAxMmYnJhdmUtYnJvd3Nlci1hcHQtcmVsZWFzZS5zMy5icmF2ZS5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnb4oQZ3F8fbhC+jZ9Cdb/ IOw86mplzYoTb5PZIU8lf0KfnG54ZoYkIdzbkAOqa/igYgjT++xVKo7KHPlie1k8 00w/heRFV0ty9MrXLfh77a+5nhuKTFneLlmx/YNIDeW0JJR15GgkKPw5AdrmeMUd VmV9iVdbdLUpTfEMnjEDWgeJWbz8oV3gYxB16gP96Z0OPjWXWxWj7rH6XKx0d0nE 6l+NT3mqBCoktTO4rhzLeSI/72w17WIM1p3hXVeBgsjhL+TzN4FSm21NuVOcVz1p fv2Oci6VJTH1RWFMmetUBeaDPZAhfZP/t/7xXkzu4rr9uoW9AYK3Iqc1QaVuCs43 AgMBAAGjggL/MIIC+zAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAd BgNVHQ4EFgQUMOt3PGYSQa8bvUogUGvbFJ3WsaswMQYDVR0RBCowKIImYnJhdmUt YnJvd3Nlci1hcHQtcmVsZWFzZS5zMy5icmF2ZS5jb20wDgYDVR0PAQH/BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAs hipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwEwYD VR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFo dHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0 dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMB Af8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwDuzdBk1dsazsVct520 zROiModGfLzs3sNRSFlGcR+1mwAAAYh/H5rNAAAEAwBIMEYCIQDyT7QEPjC2tpjh epfyftmXlpzEAHAInZKpTCC7g0NslgIhAJ498mYFrgeJZQ45J5v91UUO0o7E8mRT xCOj4Rd6iWx5AHYASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGI fx+auQAABAMARzBFAiAJkrMRPFEMEqSzkSgIPM7Lj8S0LPow1yxqNpAVLsQruwIh AJGlp4xSimCY9W6ivbICfdAN3nGPn8xJJz+8xBklE2ERAHUA2ra/az+1tiKfm8K7 XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGIfx+aiAAABAMARjBEAiBo2bhYpzOtWZB5 /dUdlThFJhRpgYntFqG+eow0AAgHTAIgO4ags1ThSEqAfB6I3i6KL7D9M09cDFFT uPZ9C0+ydIAwDQYJKoZIhvcNAQELBQADggEBAFTP7MCLd6vW8cwGerqWSSJl+gE6 LquBqbPwO1vmCyu/h9yyidaJW4OJvMYmVU10u7rNgWa9SFcjoVxvja2w6fi5j8rG /MRZ7vbZ1mwNrmPaoTsVMVyRo4eXaBy5tOxc6Y+VHHeMUHemkN0OLDnqq9q/jLaS 3qznRUsPuq3/JVmngKL71l+TMUOhMHObHdrwHrgpOrxjCzV9OQbvAdFQjWW+Dvjg s5qDf1HUdXDr1ZBz3+UO4XoWP7hzcjo8yh5aQY69BsUBmJ+N0h18BmhhTuU8mlXZ 8UpCt9WV7A1AA7OXJ6f80hk+qOPvd4h9NDrp1cfNWcabt+9TzH+Yh1w62hg= -----END CERTIFICATE----- 1 s:C = US, O = Amazon, CN = Amazon RSA 2048 M02 i:C = US, O = Amazon, CN = Amazon Root CA 1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT -----BEGIN CERTIFICATE----- MIIEXjCCA0agAwIBAgITB3MSSkvL1E7HtTvq8ZSELToPoTANBgkqhkiG9w0BAQsF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAxMB4XDTIyMDgyMzIyMjUzMFoXDTMwMDgyMzIyMjUzMFowPDEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEcMBoGA1UEAxMTQW1hem9uIFJT QSAyMDQ4IE0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtDGMZa qHneKei1by6+pUPPLljTB143Si6VpEWPc6mSkFhZb/6qrkZyoHlQLbDYnI2D7hD0 sdzEqfnuAjIsuXQLG3A8TvX6V3oFNBFVe8NlLJHvBseKY88saLwufxkZVwk74g4n WlNMXzla9Y5F3wwRHwMVH443xGz6UtGSZSqQ94eFx5X7Tlqt8whi8qCaKdZ5rNak +r9nUThOeClqFd4oXych//Rc7Y0eX1KNWHYSI1Nk31mYgiK3JvH063g+K9tHA63Z eTgKgndlh+WI+zv7i44HepRZjA1FYwYZ9Vv/9UkC5Yz8/yU65fgjaE+wVHM4e/Yy C2osrPWE7gJ+dXMCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV HQ4EFgQUwDFSzVpQw4J8dHHOy+mc+XrrguIwHwYDVR0jBBgwFoAUhBjMhTTsvAyU lC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8v b2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDov L2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8E ODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jv b3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IB AQAtTi6Fs0Azfi+iwm7jrz+CSxHH+uHl7Law3MQSXVtR8RV53PtR6r/6gNpqlzdo Zq4FKbADi1v9Bun8RY8D51uedRfjsbeodizeBB8nXmeyD33Ep7VATj4ozcd31YFV fgRhvTSxNrrTlNpWkUk0m3BMPv8sg381HhA6uEYokE5q9uws/3YkKqRiEz3TsaWm JqIRZhMbgAfp7O7FUwFIb7UIspogZSKxPIWJpxiPo3TcBambbVtQOcNRWz5qCQdD slI2yayq0n2TXoHyNCLEH8rpsJRVILFsg0jc7BaFrMnF462+ajSehgj12IidNeRN 4zl+EoNaWdpnWndvSpAEkq2P -----END CERTIFICATE----- 2 s:C = US, O = Amazon, CN = Amazon Root CA 1 i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT -----BEGIN CERTIFICATE----- MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1 dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0 LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN 0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA== -----END CERTIFICATE----- 3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT -----BEGIN CERTIFICATE----- MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV BAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw MAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJV UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZp ZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/ y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0N Tm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRo Ot+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0C zyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5J Q4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMB AAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0O BBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtV rNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28u c3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1Ud HwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYG BFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/G VfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1 l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt 8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ 59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehu VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w= -----END CERTIFICATE----- --- Server certificate subject=CN = brave-browser-apt-release.s3.brave.com issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M02 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5532 bytes and written 404 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONEI haven't messed around with my DNS or VPN that i am aware of and all that I am changing is whether my phone (acting as hotspot) uses the Library WiFi or Data. My thoughts lean towards "administrator might be doing something unusual." But i don't know nearly as much as you. Thanks a lot for deepening my understanding and taking time, the internet is a better place for the likes of you. I am satisfied :) |
Thank you for the kind words @GuiltySpark7 :) It does look like the library is doing something weird. To anyone who finds this issue in the future - if you're seeing similar symptoms, it's likely a similar problem and changing networks (including by getting on a VPN) will likely resolve it. |
Fortinet is a firewall vendor, some of the products include SSL/TLS inspection, which can be configured per-category (e.g. to allow virus scanning for "Software Download" sites). Their database lookup shows the following changes: Oct 21, 2022 @ 09:30:09 PDT Jan 04, 2024 @ 17:35:13 PST @GuiltySpark7 is this still an issue? |
sorry I will probably not be back to the same library for many months. I have not seen it as a error in a while though. Might be because I have changed country (Original error found at Canadian library, I am now in Spain). I might be back in Canada in the next few months, if I manage to replicate the error I will post here, If there is radio silence then the error is not happening |
Description
Certificate verification failed when trying to update using apt-get on Ubuntu.
Err:4 https://brave-browser-apt-release.s3.brave.com bionic Release Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: ::ffff:146.112.61.106 443]
Steps to Reproduce
sudo apt-get update
Actual result:
Get cert error when trying to update using apt-get.
Expected result:
Actually update when using apt-get.
Reproduces how often:
Easily reproduced.
Brave version (brave://version info)
Brave | 1.1.23 Chromium: 79.0.3945.88 (Official Build) (64-bit)
Revision | c2a58a36b9411c80829b4b154bfcab97e581f1f3-refs/branch-heads/3945@{#954}
OS | Linux
Other Additional Information:
The cert error when attempting to go to the URL of repo:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: brave-browser-apt-release.s3.brave.com
Issuer: Cisco Umbrella Secondary SubCA dfw-SG
Expires on: Jan 11, 2020
Current date: Jan 8, 2020
PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEXhXXlTANBgkqhkiG9w0BAQsFADBAMQ4wDAYDVQQKDAVD
aXNjbzEuMCwGA1UEAwwlQ2lzY28gVW1icmVsbGEgU2Vjb25kYXJ5IFN1YkNBIGRm
dy1TRzAeFw0yMDAxMDYxMzA3MjZaFw0yMDAxMTExMzA3MjZaMIGDMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNj
bzEWMBQGA1UECgwNT3BlbkROUywgSW5jLjEvMC0GA1UEAwwmYnJhdmUtYnJvd3Nl
ci1hcHQtcmVsZWFzZS5zMy5icmF2ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTbvCpq+tRX0ND1wsYdLHZZkLOD66DATbS60/JgGVUNb9zV5W4
FeWctINkYB//2uklUZ8ktt5UC1pwRuoa5KWXjqXzndInsJVdJUtA6MiV1UaciRMP
8dMFWvrWfK0RBife1eA2fe1b+fKeGNlPOBCW5XZqaQ1p/A6A9OeMXFklRJTr93eG
+3KppykYwosWfeYfSln04vS4wTbTjZX6LiTbZteS/nP1BIJ/4Q45RTioRIy362DN
B2uzM+ltplMJh/W+8Q/kcQseJX7W+dto/FTniXT0CqouGmVGim1FekYSSLJTbTHD
1AxEfpLpKAuJ15Bh2D0KiOiNlUPB9BV1fl4RAgMBAAGjNTAzMDEGA1UdEQQqMCiC
JmJyYXZlLWJyb3dzZXItYXB0LXJlbGVhc2UuczMuYnJhdmUuY29tMA0GCSqGSIb3
DQEBCwUAA4IBAQAyBXgtOJqO0m/S/Ju3Asq5HFkFWdwOAentyBM8ol7bp6tkJ14D
bxDHVZnYKzMapVXzxVDqiIUwUm5BVTfk+80+R5gsyyR7etZi7Pz5Q3vMskpZGCMQ
9Ihh4w+AmTPpkbVe1lbe8yg5IobZBGK7AmF1qipRIDYuKYMFOInUUjVJgg7d5qnS
jhU9/wjnygDRUlLorD/gcXIdhq70m+wSnbJamnwX/At/MPVt9R5k80WqHY2veGJf
paHt2ic/qoafsHDDeUQRd1d48spUULT1ZJ2BwAQ1ER1xawhX1hogom/zgXMxlnfN
b6+QeL65hZ/G7koUXHzq45SkJxl/jjTkUxWK
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEJzCCAw+gAwIBAgIRANneUZPYX0NIjR5UolwU07swDQYJKoZIhvcNAQELBQAw
cTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNh
biBGcmFuY2lzY28xDjAMBgNVBAoMBUNpc2NvMSUwIwYDVQQDDBxDaXNjbyBVbWJy
ZWxsYSBQcmltYXJ5IFN1YkNBMB4XDTIwMDEwNzA1MjIyMVoXDTIwMDExODA1MjIy
MVowQDEOMAwGA1UECgwFQ2lzY28xLjAsBgNVBAMMJUNpc2NvIFVtYnJlbGxhIFNl
Y29uZGFyeSBTdWJDQSBkZnctU0cwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDTbvCpq+tRX0ND1wsYdLHZZkLOD66DATbS60/JgGVUNb9zV5W4FeWctINk
YB//2uklUZ8ktt5UC1pwRuoa5KWXjqXzndInsJVdJUtA6MiV1UaciRMP8dMFWvrW
fK0RBife1eA2fe1b+fKeGNlPOBCW5XZqaQ1p/A6A9OeMXFklRJTr93eG+3KppykY
wosWfeYfSln04vS4wTbTjZX6LiTbZteS/nP1BIJ/4Q45RTioRIy362DNB2uzM+lt
plMJh/W+8Q/kcQseJX7W+dto/FTniXT0CqouGmVGim1FekYSSLJTbTHD1AxEfpLp
KAuJ15Bh2D0KiOiNlUPB9BV1fl4RAgMBAAGjgeowgecwEgYDVR0TAQH/BAgwBgEB
/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFMyv1Omq+mUAxnWxPmuAU0sL
nCJWMB8GA1UdIwQYMBaAFEVf9ZtxMyWpwE48AkTPPOhGBhbEMIGABggrBgEFBQcB
AQR0MHIwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLm9wZW5kbnMuY29tMEsGCCsG
AQUFBzAChj9odHRwOi8vY2FjZXJ0cy5vcGVuZG5zLmNvbS9EOURFNTE5M0Q4NUY0
MzQ4OEQxRTU0QTI1QzE0RDNCQi5jcnQwDQYJKoZIhvcNAQELBQADggEBAJtFnDtg
Ne6UdkjJuZD+7tQ+l/2hKQVqzPXjuwZiklaMezdkRq0rZ6PNcxWQvzYQD4ISUXcC
qE12RsaOtRjhyoljjeAaPR9P693i+g5YHhSEaDBwRNzaOZkUO5DEe/8cbc2kVBR+
Y9ZS96qmXBREuQAcNii5F0bbmv9SNmDdrmA82D6hNCvxpX+6+ut2O+6mv/6pGoNJ
SooSCUF7JVafaAQtL8czJ+FrfEKv4LrpqxmR+yWpur5/oaTXSCUgxInqF431SstY
2O/Se4KQEO8Yapsb3HbLcQyRQTYvhkSU91DTrZu/m+5uh1IrnuWUld5yMpJEaMiK
sGpxfF4ZB6DN2SE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEuzCCA6OgAwIBAgIJAcQ3zFeNvKYVMA0GCSqGSIb3DQEBCwUAMDExDjAMBgNV
BAoTBUNpc2NvMR8wHQYDVQQDExZDaXNjbyBVbWJyZWxsYSBSb290IENBMB4XDTE5
MDUyMTE5NTMxOFoXDTI0MDUyMTE5NTMxOFowcTELMAkGA1UEBhMCVVMxEzARBgNV
BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDjAMBgNVBAoM
BUNpc2NvMSUwIwYDVQQDDBxDaXNjbyBVbWJyZWxsYSBQcmltYXJ5IFN1YkNBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFEhA5TkN8CiGmW7XjaUbuve
U274v0kt6hRW8UUakmbyLnkI4d/BBQrGW71LYiT2QH4UaoYuihTXjuyAlzDxJ9OQ
Vje2NB9RdE3FcUCISeW5GrQs7vF2xFrjs2TGgG4ZXjE/8WymgFZP50nsTJYf7VqL
1r6Brs59DAbbQ1rVvsz/DFxoE3ruFagSFcOF07/watUxFrAPV+S/kK6Nb5TqrI1j
32hK6i49ujavDcbbb12aozwdoyPSyhs4cB0sCXFHK/yEdaE4CNXEAH8EjKUuj6O2
QUvRtBGM480688BId0T0ws3q+hSzRiVJ+dYCr3iufmTrAMhVwc+EzGjlEfLyXwID
AQABo4IBlDCCAZAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEw
UgYDVR0gBEswSTBHBgorBgEEAQkVAR0AMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly93
d3cuY2lzY28uY29tL3NlY3VyaXR5L3BraS9wb2xpY2llcy8wHQYDVR0OBBYEFEVf
9ZtxMyWpwE48AkTPPOhGBhbEMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly93d3cu
Y2lzY28uY29tL3NlY3VyaXR5L3BraS9jcmwvY2lzY291bWJyZWxsYXJvb3QuY3Js
MIGHBggrBgEFBQcBAQR7MHkwSQYIKwYBBQUHMAKGPWh0dHA6Ly93d3cuY2lzY28u
Y29tL3NlY3VyaXR5L3BraS9jZXJ0cy9jaXNjb3VtYnJlbGxhcm9vdC5jZXIwLAYI
KwYBBQUHMAGGIGh0dHA6Ly9wa2ljdnMuY2lzY28uY29tL3BraS9vY3NwMB8GA1Ud
IwQYMBaAFENzAN4kukAaQFQsfXzVAEiJDHCkMA0GCSqGSIb3DQEBCwUAA4IBAQC6
P7ugvpQSkNxrzY1ZM0Nd9Q3LaoTERS4ItcxMsswFPl7ID/3Vk3v3ZT6KgtCZ+Nh0
MUgZztLATHf42ZppdSkdMf1HfCmLSWORz/eK+fZxztE63M1EGiZJoe8qFKT9z6qx
iDD989jyjY74sYfiSo5nbhcb5meUrUO6MQvOO5pUnlhWsDiBUg+yBzyfVoLnGRlY
2t7UZVTUz5kbBNFieTIt86yaYAumgOqriz/dCgQltFySbOkrgg/PN7cRv3IWm84C
uKQ9prsXbXLLbl8U+bGRH119prl3zJyRnQ0D+ursCqUnIfziBdKv7yLsupGDGt+Q
oqLzmkMPYE+WZmEi+3j5
-----END CERTIFICATE-----
Miscellaneous Information:
brave-browser-apt-release.s3.brave.com.txt
The text was updated successfully, but these errors were encountered: