That’s not a recommended way in current Debian distros. Refer to the web page at apt.syncthing.net to see the most recent instructions. Importing the key and allowing it to verify packages only from that repository is part of the instructions.
I tried Bug Reporter’s idea and it didn’t help.
Andre, I’m following the install procedure from the website exactly but I’m not having any success. As I’ve said earlier Ive installed this on several Raspberry Pis but it seems that since the ca-certificates have changed I’m no longer able to fetch the data
If you can offer any help it would be great.
Pete
The very first step on the page is to import the key:
sudo curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
Can you show if that file exists and what the permissions are? Post the output of ls -l /usr/share/keyrings/syncthing-archive-keyring.gpg please.
Then make sure the contents of /etc/apt/sources.list.d/syncthing.list are correct. Please post them.
Finally, there might be other configuration snippets leftover from previous attempts. Try grep -r syncthing /etc/apt/sources.list*
If you don’t want to have that release key able to sign any package for any repository, try sudo apt-key del 37C84554E7E0A261E4F76E1ED26E6ED000654A3E to remove it. The recommended way is to keep it in /usr/share/keyrings and point APT directly to it.
Oh and please try to paste command line output as a code block (in the post editor, use the </> icon).
Thanks Andre,
I’m going to start again using a disc image made before all this experimentation started and I will post my results.
Thanks for your help,
Pete
Following the import of:
sudo curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg
Using:
sudo nano ls -l /usr/share/keyrings/syncthing-archive-keyring.gpg
I dont get very much the screen just shows:
1
Pete
There is an extra nano in your command that should not be there.
ok using:
sudo ls -l /usr/share/keyrings/syncthing-archive-keyring.gpg
I get:
ls: cannot access '/usr/share/keyrings/syncthing-archive-keyring.gpg': No such file or directory
curl probably throws an error which is silenced by the -s option. Could you try again without it?
I assume that you mean in the original import line?
So this is what I used:
sudo curl -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
So we’re back to the outdated ca-certificates problem. Since restoring the image, you probably have not installed the system updates yet. Try this:
sudo apt update
sudo apt upgrade
Have you set the time correctly? Failing TLS connections on a Raspberry Pi can be caused by clock issues, because it does not keep track of the time when powered off.
What operating system image is this? Raspbian? Which version?
It’s running: Raspbian GNU/Linux 9 Stretch
The date and time are correct when I type ‘Date’ at the command prompt.
I will now try the two updates
Debian 9 is EOL. Updating your OS should be your first priority.
The Raspberry Pi that I’m running these tests on is on my desk but the ones I need to add Syncthing to are all over the country, so Updating the OS without getting in the car may be a bit of a challenge.
I have now completed the Update and the Upgrade
Not true. It is ancient, but it still has security support until July 2022. It will even likely get the usual 2 more years of inofficial, commercial, but freely available extended support. Not saying you should not upgrade the system, this thread speaks for itself why you should, but it is supported 
1 Like
Thanks Simon, I will aim to roll out completely updated systems in the next few months anyway I think.
But I would like to get this working first as it works so brilliantly.
If raspbian is not fucking up badly (as in holding back vital updates like this from debian), and if you do update&upgrade and update-ca-certificates, then there’s no reason why it wouldn’t work.
There is definitely a newer version available in Raspbian, but apparently it’s not yet pulled into stretch.
You can try to install the more recent version from bullseye: http://mirrordirector.raspbian.org/raspbian/pool/main/c/ca-certificates/ca-certificates_20210119_all.deb
ok I’ll try to update the certificates as recommended by Simon next
ok it says done,
Should I try the complete Syncthing install sequence now?
update-ca-certificates won’t do anything without a newer version of the certificate collection. You first need to install that .deb file:
curl http://mirrordirector.raspbian.org/raspbian/pool/main/c/ca-certificates/ca-certificates_20210119_all.deb
sudo apt install ./ca-certificates_20210119_all.deb
I wonder why there are no similar reports about Raspbian stretch all over the internet. Guess it’s hard to find because people usually describe a concrete symptom, like here, instead of the underlying problem… 