Re: BUG #17210: Postgres Let'sEncrypt root certificate is expired and breaks installation of postgres-client

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: BUG #17210: Postgres Let'sEncrypt root certificate is expired and breaks installation of postgres-client
Дата
Msg-id CABUevEyGh-iD7nzPNi5OWZnkbg2NSP_WRTgx3bWeMzBS=5WC7Q@mail.gmail.com
обсуждение исходный текст
Ответ на BUG #17210: Postgres Let'sEncrypt root certificate is expired and breaks installation of postgres-client  (PG Bug reporting form <noreply@postgresql.org>)
Список pgsql-bugs
Дерево обсуждения


On Fri, Oct 1, 2021 at 3:36 PM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      17210
Logged by:          Andres Ehrenpreis
Email address:      andres.ehrenpreis@gmail.com
PostgreSQL version: 11.12
Operating system:   Ubuntu 16.04.7 LTS
Description:       

When installing Postgres through Chef like this:

# PostgreSQL database client:
postgresql_client_install "Install PostgreSQL-client v11" do
  version "11"
end

Then server-deployment fails with the error as follows:
[2021-10-01T12:06:52+00:00] ERROR: SSL Validation failure connecting to
host: download.postgresql.org - SSL_connect returned=1 errno=0 state=error:
certificate verify failed (certificate has expired)

Looks like download.postgresql.org cert-chain is broken.

Please don't cross-post the same question to multiple locations.

I will copy the response you already received, for anybody finding this in the archives:

The certificate has not expired, but it is updated with the newer chain from LetsEncrypt. This error is normally caused by your operating system having a very old and unpatched version of OpenSSL on it. What operating system and version are you running, and what's the version of your OpenSSL packages?

I guess this one does include the operating system, being ubuntu 16.04. A fully patched Ubuntu 16.04 should have no problem accessing the site using the standard tools. So either your system is not fully patched, or Chef is doing something differently, in which case you need to bring it up with chef. (The standard install ways for PostgreSQL on Debian and Ubuntu does not include the hostname download.postgresql.org anywhere)

--

В списке pgsql-bugs по дате отправления:

Предыдущее
От: PG Bug reporting form
Дата:
Сообщение: BUG #17210: Postgres Let'sEncrypt root certificate is expired and breaks installation of postgres-client
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #17207: Bad cost estimate of Merge Join despite correct row estimate