原因
国外论坛说了原因大致是:Let’s Encrypt 's — 一个免费、自动化和开放的证书颁发机构,根证书“DST Root CA X3”已于2021 年 9 月 30 日到期。
对于大多数实际用途而言,这无关紧要,因为 Let’s Encrypt 已经将其证书迁移到“ISRG Root X1”。它与新系统上的 ISRG Root X1 证书链接,而旧系统上的 ISRG Root X1 与 DST Root CA X3 交叉签名。但是,DST Root CA X3 到期会影响依赖与操作系统捆绑的旧可信证书的嵌入式系统和服务器。
lynx或curl依赖默认证书**库来信任安全 URL,如果证书尚未更新,它将在 2021 年 9 月 30 日之后开始失败,并收到类似于以下内容的错误:
curl: (60) The certificate issuer's certificate has expired. Check your system date and time.OR
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none解决办法
centos
sudo yum install ca-certificates sudo update-ca-trust extractDebian
sudo apt-get install --reinstall ca-certificatesPS:如果yum之前清了缓存,更新不了,下面有一个方案,一般不推荐使用
暂时关闭SSL检查认证
在编辑器上添加一行
sslverify=false在关闭认证后,可以正常使用yum更新包,注意更新完成后将这行去掉,
跳转到内容
yum [Errno 14] curl#60 – “The certificate issuer’s certificate has expired. Check your system date and time.(yum [Errno 14] curl#60 – “The certificate issuer’s certificate has expired. Check your system date and time.)
1. 原因
2. 解决
手动更新ca-certificates 软件包及其依赖更新完成后再执行 命令即恢复正常
yum makecahce fast————————
1. Reasons
yum 调用curl 命令下载软件包,而curl 命令在从https 路径下载软件包时,会通过本地ca-certicifates 包中的文件校验证书合法性,如果ca-certificates 包过期,则会出现证书过期的问题2. Solution
手动更新ca-certificates 软件包及其依赖Execute after the update is completed The command returns to normal
yum makecahce fast文章导航
一 错误信息 点击查看代码 curl performs SSL certificate verification by default, using a "bundle"
curl: (60) The certificate issuer's certificate has expired. Check your system date and time.
More details here: //curl.haxx.se/docs/sslcerts.html
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
二 解决办法
2.1 浏览器访问链接
2.2 找到网站证书并导出
2.3 打开导出的证书
2.4 将内容追加到 /etc/pki/tls/certs/ca-bundle.crt
三 验证结果
点击查看代码
* About to connect() to packagist.phpcomposer.com port 443 (
* Trying 39.104.163.221...
* Connected to packagist.phpcomposer.com (39.104.163.221) port 443 (
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=*.phpcomposer.com
* start date: Aug 23 16:02:51 2021 GMT
* expire date: Nov 21 16:02:50 2021 GMT
* common name: *.phpcomposer.com
* issuer: CN=R3,O=Let's Encrypt,C=US
> GET /packages.json HTTP/1.1
> User-Agent: curl/7.29.0
> Host: packagist.phpcomposer.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 02 Nov 2021 03:08:20 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 308
< Last-Modified: Sat, 20 Jun 2020 09:04:57 GMT
< Connection: keep-alive
< Vary: Accept-Encoding
< ETag: "5eedd139-134"
< Expires: Tue, 02 Nov 2021 03:08:20 GMT
< Cache-Control: max-age=0
< Access-Control-Allow-Origin: *
< Accept-Ranges: bytes
<
{
"packages":[],
"notify":"//packagist.org/downloads/%package%",
"notify-batch":"//packagist.org/downloads/",
"metadata-url":"/p2/%package%.json",
"search":"//packagist.org/search.json?q=%query%&type=%type%",
"providers-lazy-url":"//repo.packagist.org/p/%package%.json"
}
* Connection #0 to host packagist.phpcomposer.com left intact
- 赞
- 收藏
- 评论
- 举报
举报文章
请选择举报类型
内容侵权 涉嫌营销 内容抄袭 违法信息 其他
上传截图
格式支持JPEG/PNG/JPG,图片不超过1.9M
已经收到您得举报信息,我们会尽快审核