download.proxmox.com certificate issue

[bordulets]

hello, can you explain, why PVE 7.1-4 can't apt into http repos? if i set https repos like:
deb https://download.proxmox.com/debian/pve bullseye pve-no-subscription
it requires authorization, which i can't provide.
from another side, if i set http repo, apt gives me this answer:

Err:1 https://download.proxmox.com/debian/pve bullseye InRelease Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: 212.224.123.70 443] Hit:2 https://ftp.debian.org/debian bullseye InRelease Hit:4 https://security.debian.org bullseye-security InRelease Hit:3 https://ftp.debian.org/debian bullseye-updates InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done All packages are up to date. W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bullseye/InRelease Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: 212.224.123.70 443] W: Some index files failed to download. They have been ignored, or old ones used instead.

here is contents of apt.conf.d: https://pastebin.com/GMV8ZwQ5

please help. many thanx

 

[Stoiko Ivanov]

see https://forum.proxmox.com/threads/a...on-subscription-repository.78742/#post-348801
the pve-no-subscription and pve-test repo are available at http://download.proxmox.com (not https)

see also:
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_package_repositories

I hope this helps!

 

[bordulets]

see https://forum.proxmox.com/threads/a...on-subscription-repository.78742/#post-348801
the pve-no-subscription and pve-test repo are available at http://download.proxmox.com (not https)

see also:
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_package_repositories

I hope this helps!

I'm sorry, but i'm configured pve exactly as in your documentation. What i have in repos:

deb http://ftp.debian.org/debian bullseye main contrib
deb http://ftp.debian.org/debian bullseye-updates main contrib

# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription

# security updates
deb http://security.debian.org/debian-security bullseye-security main contrib

And there is an output:

Err:4 https://download.proxmox.com/debian/pve bullseye InRelease
  Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected.  Could not handshake: Error in the certificate verification. [IP: 212.224.123.70 443]
Hit:1 https://ftp.debian.org/debian bullseye InRelease
Hit:3 https://security.debian.org/debian-security bullseye-security InRelease
Hit:2 https://ftp.debian.org/debian bullseye-updates InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bullseye/InRelease  Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected.  Could not handshake: Error in the certificate verification. [IP: 212.224.123.70 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.

How i can forcefully setup apt to get files only via http? Not just in a sources.list and sources.list.d

 

[t.lamprecht]

And there is an output:
Err:4 https://download.proxmox.com/debian/pve bullseye InRelease

You may have the https version configured in another .list file, check:

grep 'https://download' /etc/apt/sources.list /etc/apt/sources.list.d/*.list

 

[bordulets]

It's all right, I figured out, what's wrong. it's a mikrotik Hotspot unexpected config, which rerouted all http requests into https. Thanks for help!