Error with apt-get update and Kicksecure APT repository
Issue present as of Wed Jun 5 09:00 UTC
Err:1 tor+https://deb.kicksecure.com bookworm InRelease
Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]
The system time is set correctly with sdwdate.
1 Like
I had the same issue earlier and now I’m getting HTTP 500 errors for that repo. Seems like they’re having server issues.
1 Like
Issue has been solved by server-side changes.
2 Likes
Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]
I also got the same error message. I tried reinstalling the certificates with "sudo apt-get install --reinstall ca-certificates", but it didn't help. What should I do? Wait for the problem to be solved by the server?
1 Like
Will be fixed within 24 hours most likely.
2 Likes
I confirm, everything works. Thanks, Patrick.
1 Like
Having this issue currently on the deb.whonix.org repo.
E: Failed to fetch tor+https://deb.whonix.org/dists/bookworm/InRelease Certificate verification failed: The certificate is NOT trusted. The received OCSP status response is invalid. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Is this something on my end?
I believe I see the certificate was updated recently, probably will resolve itself with time.
1 Like
I am experiencing the same issue - is there a reason Whonix is still checking OCSP? Let’s Encrypt is ending support in the next few months.
1 Like
I’m seeing the problem on both Whonix-Gateway and Whonix-Workstation on Qubes OS R4.3.
Ign:1 tor+https://deb.whonix.org bookworm-testers InRelease
Err:1 tor+https://deb.whonix.org bookworm-testers InRelease
Certificate verification failed: The certificate is NOT trusted. The received OCSP status response is invalid. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
Fetched 777 kB in 10s (76.3 kB/s)
Reading package lists... Done
E: Failed to fetch tor+https://deb.whonix.org/dists/bookworm-testers/InRelease Certificate verification failed: The certificate is NOT trusted. The received OCSP status response is invalid. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
E: Some index files failed to download. They have been ignored, or old ones used instead.
zsh: exit 100 apt update
- Switching to the onion does not get it through either:
[template workstation root ~]# apt update && apt full-upgrade && apt autoremove --purge && apt autoclean
Hit:1 tor+https://deb.debian.org/debian bookworm InRelease
Hit:2 tor+https://packages.element.io/debian default InRelease
Hit:3 https://deb.qubes-os.org/r4.2/vm bookworm InRelease
Hit:4 tor+https://deb.debian.org/debian bookworm-updates InRelease
Hit:5 tor+https://deb.kicksecure.com bookworm-testers InRelease
Hit:6 tor+https://fasttrack.debian.net/debian bookworm-fasttrack InRelease
Hit:7 tor+https://deb.debian.org/debian-security bookworm-security InRelease
Hit:8 tor+https://deb.debian.org/debian bookworm-backports InRelease
Ign:9 tor+http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm-testers InRelease
Err:10 tor+http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm-testers Release
404 Not Found [IP: 127.0.0.1 8082]
Reading package lists... Done
E: The repository 'tor+http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm-testers Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
zsh: exit 100 apt update
OCSP deprecation on the server wasn’t fully applied yet.
Hopefully now fixed for good.
1 Like
Can confirm this is now fixed
1 Like
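The apt output quoted in this thread contains three different failure reasons (stale OCSP data, an invalid OCSP status response, and an HTTP 404 on the onion source), which call for different follow-up. The triage script below is an added example, not code from the posters or from the Whonix/Kicksecure projects; the cause labels and function names are this example's own, and the sample input is constructed from lines quoted above.

```python
import re
import sys

# Constructed sample, assembled from apt lines quoted in this thread.
SAMPLE = """\
Hit:1 tor+https://deb.debian.org/debian bookworm InRelease
Err:2 tor+https://deb.kicksecure.com bookworm InRelease
  Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded.  Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]
Err:3 tor+https://deb.whonix.org bookworm-testers InRelease
  Certificate verification failed: The certificate is NOT trusted. The received OCSP status response is invalid.  Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 8082]
Err:10 tor+http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm-testers Release
  404  Not Found [IP: 127.0.0.1 8082]
"""

STATUS = re.compile(r"^(Hit|Ign|Get|Err):\d+\s+(\S+)\s+(\S+)")
PROXY = re.compile(r"\[IP: (\S+) (\d+)\]")
# Ordered: the first matching pattern names the cause (labels are this example's own).
CAUSES = [
    (re.compile(r"OCSP data are old and have been superseded"), "ocsp-stale"),
    (re.compile(r"OCSP status response is invalid"), "ocsp-invalid"),
    (re.compile(r"Certificate verification failed"), "tls-cert-other"),
    (re.compile(r"^\s*(\d{3})\s"), "http"),
]

def classify(detail):
    for pattern, label in CAUSES:
        m = pattern.search(detail)
        if m:
            return f"http-{m.group(1)}" if label == "http" else label
    return "unknown"

def triage(apt_output):
    """Return one record per Err: line: repository, suite, cause, proxy endpoint."""
    records, pending = [], None
    for line in apt_output.splitlines():
        m = STATUS.match(line)
        if m:  # status line: remember it only if it is an error
            pending = (m.group(2), m.group(3)) if m.group(1) == "Err" else None
        elif pending and line.strip():  # first detail line after Err: holds the reason
            proxy = PROXY.search(line)
            records.append({"repo": pending[0], "suite": pending[1], "cause": classify(line),
                            "proxy": f"{proxy.group(1)}:{proxy.group(2)}" if proxy else None})
            pending = None
    return records

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for r in triage(text or SAMPLE):
        print(r["cause"], r["repo"], r["suite"], r["proxy"])
```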