20

Installing Nginx on Scientific Linux according this documentation fails:

[vagrant@localhost ~]$ sudo su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epe l/6/x86_64/epel-release-6-8.noarch.rpm' Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch .rpm warning: /var/tmp/rpm-tmp.gdSOR9: Header V3 RSA/SHA256 Signature, key ID 0608b89 5: NOKEY Preparing... ########################################### [100%] 1:epel-release ########################################### [100%] [vagrant@localhost ~]$ sudo yum install nginx Loaded plugins: security Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Pl ease verify its path and try again [vagrant@localhost ~]$

Version information

[vagrant@localhost ~]$ uname -a Linux localhost.localdomain 2.6.32-431.el6.x86_64 #1 SMP Thu Nov 21 13:35:52 CST 2013 x86_64 x86_64 x86_64 GNU/Linux [vagrant@localhost ~]$ cat /etc/*{release,version} Scientific Linux release 6.5 (Carbon) Scientific Linux release 6.5 (Carbon) cat: /etc/*version: No such file or directory [vagrant@localhost ~]$

Note: sudo yum update -y was issued before starting the installation of nginx

Installation of other packages disabled

[vagrant@localhost ~]$ sudo yum install vim -y Loaded plugins: security Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Pl ease verify its path and try again [vagrant@localhost ~]$

URLGRABBER Debugger Log

2014-08-03 14:22:44,437 attempt 1/10: https://mirrors.fedoraproject.org/metalink ?repo=epel-6&arch=x86_64 INFO:urlgrabber:attempt 1/10: https://mirrors.fedoraproject.org/metalink?repo=ep el-6&arch=x86_64 2014-08-03 14:22:44,438 opening local file "/var/cache/yum/x86_64/6.5/epel/metal ink.xml.tmp" with mode wb INFO:urlgrabber:opening local file "/var/cache/yum/x86_64/6.5/epel/metalink.xml. tmp" with mode wb * About to connect() to mirrors.fedoraproject.org port 443 (#0) * Trying IP... * connected * Connected to mirrors.fedoraproject.org (IP) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * NSS error -8018 * Closing connection #0 * Problem with the SSL CA cert (path? access rights?) 2014-08-03 14:22:50,071 exception: [Errno 14] PYCURL ERROR 77 - "Problem with th e SSL CA cert (path? access rights?)" INFO:urlgrabber:exception: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)" 2014-08-03 14:22:50,072 retrycode (14) not in list [-1, 2, 4, 5, 6, 7], re-raisi ng INFO:urlgrabber:retrycode (14) not in list [-1, 2, 4, 5, 6, 7], re-raising Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Pl ease verify its path and try again

Output yum update before and after attempt to install nginx

[vagrant@localhost ~]$ sudo yum update -y Loaded plugins: security Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Pl ease verify its path and try again [vagrant@localhost ~]$

yum --disablerepo="epel" update

[vagrant@localhost ~]$ sudo yum --disablerepo="epel" update Loaded plugins: security Setting up Update Process No Packages marked for Update
Improve this question
12
  • 1
    Try yum update first and see what happens. Commented Aug 3, 2014 at 13:39
  • The issue persist after executing this command before starting to install nginx Commented Aug 3, 2014 at 14:10
  • Try running the install with URLGRABBER_DEBUG=1 yum install nginx 2> debug.log. This will create a large amount of debug info in debug.log , but you may be able to work out where it fails. Commented Aug 3, 2014 at 14:21
  • URLGRABBER Debug Log has been added Commented Aug 3, 2014 at 14:26
  • I think @garethTheRed is right. After adding the repository you need to initialize it to be able to retrieve packages provided by the repository in quesiton. Commented Aug 3, 2014 at 14:45

5 Answers 5

Reset to default
33

The problem is with the nss package being too old. This older version cannot talk with the Fedora site via curl which uses an older version of the nss library.

Just update your nss version to the latest, it solves the problem with the EPEL repo update:

$ sudo yum clean all $ sudo yum --disablerepo="epel" update nss

NOTE: this version of nss-3.14.3-4.el6_4.x86_64 works fine with the EPEL repository.

Improve this answer
3
  • 2
    This one worked for me on Centos 6. Commented Oct 22, 2014 at 17:18
  • 1
    Thank you for posting an answer, but in my case the issue Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again persists. Commented Nov 15, 2014 at 20:04
  • Awesome! worked for me using Centos 6 Commented Jun 18, 2015 at 21:23
20

If the following fails:

yum check-update

but:

yum --disablerepo="epel" check-update

works, then run:

URLGRABBER_DEBUG=1 yum check-update 2> debug.log

and check debug.log for:

PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"

If this message is found, then try:

yum --disablerepo="epel" reinstall ca-certificates

If that fails to resolve the issue, then you may need to update your ca-certificates:

yum --disablerepo="epel" update ca-certificates

If that fails to resolve the issue, then backup your current CA certificate:

cp /etc/pki/tls/certs/ca-bundle.crt /root/

and run:

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

Explanation

The log shows an error with your system's SSL certificates.

The CA certificate bundle on your system might have somehow become corrupt and the yum -disablerepo="epel" reinstall ca-certificates command above simply overwrites yours with a fresh version. This is unlikely to be the answer though as all other repos are working - if there were major SSL issues, then all repos would fail.

The curl... command above replaces your system's CA certificates bundle with a newer version. The CA certificates bundle contain all the root CA certificates that your system trusts.

In this instance the EPEL repo has new SSL certificates (signed by a new root CA) that your system doesn't trust. The CentOS repos continue to work with their slightly older certificates.

Improve this answer
4

I had the same error when working behind a corporate proxy. Updating certificates or using http didn't help. To fix it I had to add a proxy setting to each of the epel repos:

for x in /etc/yum.repos.d/epel*; do sed -i '/^\[/ a proxy=http://YOUR.PROXY.HERE:8080' $x; done

Insert your own proxy details of course.

My repo files now look like this:

[epel] proxy=http://YOUR.PROXY.HERE:8080 name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo] proxy=http://YOUR.PROXY.HERE:8080 ...
Improve this answer
0
2

I had the same problem and fixed it by changing https to simple http.

It is not a perfect solution, but might be a decent workaround depending on your security needs.

Improve this answer
2
  • 1
    This does not really answer the question. If you have a different question, you can ask it by clicking Ask Question. You can also add a bounty to draw more attention to this question once you have enough reputation. Commented Jan 30, 2015 at 6:18
  • 1
    @jordanm Does not affect the main problem but may be a work-around. That's OK for me. Commented Jan 30, 2015 at 7:14
0

I had the same issue, tried all the above steps none worked. Found out how stupid I was because I tried to install with without being logged into root. Even thou my account had sudo access.

sudo yum remove epel-release su root sudo yum install epel-release

Fixed my issues on CentOS 7

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.