View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0018580CentOS-7yumpublic2023-03-15 17:182023-03-16 00:05
Reportersylvieg Assigned To 
PrioritynormalSeveritymajorReproducibilitysometimes
Status closedResolutionno change required 
Product Version7.9.2009 
Summary0018580: Impossible to install postgresql
DescriptionOn some servers, or perhaps recently. I can not install postgresql.
sudo yum install postgresql13-server
I had some time ago installed successfully on our dev server, but no success for any new server

There is a problem with an expired certificate.

Effectively if I do the same command on a server where I want to install postgresql and one where postgresql was installed successfully
==============================
openssl s_client -connect download.postgresql.org:443 -servername download.postgresql.org | openssl x509 -dates -noout
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
notBefore=Feb 18 06:08:12 2023 GMT
notAfter=May 19 06:08:11 2023 GMT
===================================
 openssl s_client -connect download.postgresql.org:443 -servername download.postgresql.org | openssl x509 -dates -noout
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = ftp.postgresql.org
verify return:1
notBefore=Jan 30 21:08:05 2023 GMT
notAfter=Apr 30 21:08:04 2023 GMT
==========================================


When I run sudo yum install postgresql13-server
I can have 2 types of error
=============================================
sudo yum install postgresql13-server
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
epel/x86_64/metalink | 15 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
niftyrepo | 2.4 kB 00:00
updates | 2.9 kB 00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00
(2/2): epel/x86_64/primary_db | 7.0 MB 00:01
Loading mirror speeds from cached hostfile
 * base: download.cf.centos.org
 * epel: d2lzkl7pfhq30w.cloudfront.net
 * extras: download.cf.centos.org
 * updates: download.cf.centos.org
No package postgresql13-server available.
Error: Nothing to do
=============================================================
sudo yum install postgresql13-server
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 15 kB 00:00:00
http://mirror.es.its.nyu.edu/epel/7/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://mirror.es.its.nyu.edu/epel/7/x86_64/repodata/repomd.xml: (28, 'Connection timed out after 30001 milliseconds')
Trying other mirror.
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The certificate issuer's certificate has expired. Check your system date and time."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
Please collect information about the specific failure that occurs in your environment,
using the instructions in: https://access.redhat.com/solutions/1527033 and create a bug on https://bugs.centos.org/



 One of the configured repositories failed (PostgreSQL common RPMs for RHEL / CentOS 7 - x86_64),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=pgdg-common ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable pgdg-common
        or
            subscription-manager repos --disable=pgdg-common

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=pgdg-common.skip_if_unavailable=true
failure: repodata/repomd.xml from pgdg-common: [Errno 256] No more mirrors to try.
https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The certificate issuer's certificate has expired. Check your system date and time."
=========================================================================

Thank you for your help
Steps To Reproducesudo yum install postgresql13-server

I installed the repo by downloading locally the rpm
Tagspostgresql
abrt_hash
URL

Activities

TrevorVF

TrevorVF

2023-03-15 17:29

reporter   ~0039078

You need to report this to the maintainers of the postgres repos not to CentOS. The repo is not a CentOS one and no-one has access to it or can do anything about this. You should also do what the error says and check your own machine's date and time since the SSL cert on download.postgresql.org does not appear to be expired to me.
ManuelWolfshant

ManuelWolfshant

2023-03-16 00:05

manager   ~0039079

The error "https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "The certificate issuer's certificate has expired. Check your system date and time."" could indicate that either the date of the system you are testing from is incorrect or the mirror you have contacted really has an old certificate. We cannot help in any of these cases since those are not CentOS bugs.

Issue History

Date Modified Username Field Change
2023-03-15 17:18 sylvieg New Issue
2023-03-15 17:18 sylvieg Tag Attached: postgresql
2023-03-15 17:29 TrevorVF Note Added: 0039078
2023-03-16 00:05 ManuelWolfshant Status new => closed
2023-03-16 00:05 ManuelWolfshant Resolution open => no change required
2023-03-16 00:05 ManuelWolfshant Note Added: 0039079