Certificates are expired

I think certs have expired somewhere. I have tried the post that says same thing among many other things and so far I have not fixed it yet.

This is the error:

sudo apt-get update Hit:1 http://gb.archive.ubuntu.com/ubuntu focal InRelease Hit:2 Index of /repos/code/ stable InRelease Hit:3 Index of /graphics-drivers/ppa/ubuntu focal InRelease
Hit:4 Index of /utappia/stable/ubuntu focal InRelease
Hit:5 Index of /node_14.x/ focal InRelease
Ign:6 https://apt.syncthing.net syncthing InRelease
Err:7 https://apt.syncthing.net syncthing Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 82.196.13.137 443] Hit:8 https://dl.yarnpkg.com/debian stable InRelease
Hit:9 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease Reading package lists… Done E: The repository ‘https://apt.syncthing.net syncthing Release’ no longer has a Release file. N: Updating from such a repository can’t be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.

Running the following it looks like a root cert expiry:

$ openssl s_client -connect apt.syncthing.net:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let’s Encrypt, CN = R3 verify return:1 depth=0 CN = apt.syncthing.net verify return:1

Certificate chain 0 s:CN = apt.syncthing.net i:C = US, O = Let’s Encrypt, CN = R3 1 s:C = US, O = Let’s Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3

Server certificate

This indicates it is expired I think too:

Apologies if this is not related to syncthing but it seems like syncthing repo is the only one throwing this error.

Seems this fixes it FWIW

sudo rm /etc/ssl/certs/DST_Root_CA_X3.pem
sudo update-ca-certificates # ... needed this I think
sudo apt-get update

This should impact quite a few people so hopefully is useful but I don’t think this is anything to do with syncthing per se.

1 Like

This is known since a while, see e.g. x509: certificate has expired or is not yet valid and APT error while updating

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.