6

I am running a mongo db docker container on a network using only https. The container uses apt-get for installing packages. Since network allows only https connections,apt-get is not working for me. I have tried to change http with https in /etc/apt/sources.list and /etc/apt/sources.list.d after installing apt-transport-https. But nothing worked for me. Here is my /etc/apt/sources.list after replacing https with https

deb https://deb.debian.org/debian jessie main deb https://security.debian.org/debian-security jessie/updates main deb https://deb.debian.org/debian jessie-updates main

The mongodb-org.list file in /etc/apt/sources.list.d looks like 

deb https://repo.mongodb.org/apt/debian jessie/mongodb-org/3.2 main

after doing all this apt-get update shows 

Get:1 https://repo.mongodb.org jessie/mongodb-org/3.2 InRelease [384 B] Ign https://repo.mongodb.org jessie/mongodb-org/3.2 InRelease Get:2 https://repo.mongodb.org jessie/mongodb-org/3.2 Release.gpg [801 B] Hit https://repo.mongodb.org jessie/mongodb-org/3.2 Release Get:3 https://deb.debian.org jessie InRelease [309 B] Ign https://deb.debian.org jessie InRelease Hit https://deb.debian.org jessie-updates InRelease Ign https://security.debian.org jessie/updates InRelease Ign https://repo.mongodb.org jessie/mongodb-org/3.2 Release Get:4 https://repo.mongodb.org jessie/mongodb-org/3.2/main amd64 Packages [10.6 kB] Hit https://deb.debian.org jessie Release.gpg Ign https://security.debian.org jessie/updates Release.gpg Ign https://security.debian.org jessie/updates Release Get:5 https://deb.debian.org jessie-updates/main amd64 Packages [337 B] Err https://security.debian.org jessie/updates/main amd64 Packages Hit https://deb.debian.org jessie Release Err https://security.debian.org jessie/updates/main amd64 Packages Err https://security.debian.org jessie/updates/main amd64 Packages Get:6 https://deb.debian.org jessie/main amd64 Packages [329 B] Err https://security.debian.org jessie/updates/main amd64 Packages Err https://security.debian.org jessie/updates/main amd64 Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Fetched 9110 kB in 8s (1096 kB/s) W: GPG error: https://repo.mongodb.org jessie/mongodb-org/3.2 Release: The following signatures were invalid: KEYEXPIRED 1570654450 W: Size of file /var/lib/apt/lists/partial/deb.debian.org_debian_dists_jessie-updates_main_binary-amd64_Packages.gz is not what the server reported 20 337 W: Failed to fetch https://security.debian.org/debian-security/dists/jessie/updates/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none E: Some index files failed to download. They have been ignored, or old ones used instead.
Improve this question
1
  • This is an interesting find. It appears that security.debian.org presents an SSL certificate for schmelzer.debian.org. This is failing for good reason! Commented Nov 19, 2019 at 12:30

2 Answers 2

Reset to default
4

The security updates can't be retrieved from https connection , explained on debian

The security.debian.org hosts currently do not have publicly verifiable SSL certificates on HTTPS and hence cannot be used with HTTPS at the moment.

Your can edit your /etc/apt/sources.list as follow:

deb https://deb.debian.org/debian jessie main deb http://security.debian.org/debian-security jessie/updates main deb https://deb.debian.org/debian jessie-updates main

To solve the gpg key error for MongoDB , you should update the gpg key, see Import the public key used by the package management system:

wget -qO - https://www.mongodb.org/static/pgp/server-3.2.asc | sudo apt-key add -
Improve this answer
3
  • 1
    can i remove security.debian.org and use HTTPS version for others ? any issue because of that ? Commented Nov 20, 2019 at 4:27
  • @xaglez The issue is you can't receive the security updates. It is strongly recommended to keep the security repository in your sources. Commented Nov 20, 2019 at 8:16
  • 1
    The issue is my network only allows HTTPS connections and blocks all incoming and outgoing HTTP connections .So if we keep security repository ,which only have HTTP mirror i will not be able to do apt operations Commented Nov 20, 2019 at 8:43
0

If you are using Debian, update your /etc/apt/sources.list entries to point to the official https mirror redirector:

deb https://deb.debian.org/debian/ <dist> <suite> deb-src https://deb.debian.org/debian/ <dist> <suite>

e.g. for Debian unstable:

deb https://deb.debian.org/debian/ unstable main deb-src https://deb.debian.org/debian/ unstable main

You can refer these for more-

Uasigned bug

Improve this answer
1
  • deb https://deb.debian.org/debian jessie main deb https://security.debian.org/debian-security jessie/updates main deb https://deb.debian.org/debian jessie-updates main i have changed my source.list like this .But im not able to use apt-get or apt for installing packages Commented Nov 19, 2019 at 12:56

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.