[SOLVED] apt gpg key still failing for non-subscription repository

[castillian]

I saw that there was a similar thread on the forum a few months ago, and it was unclear if it was ever resolved. I'm new to proxmox and would like to evaluate it but it's not very confidence-inspiring to have such infrastructure problems with bad certificates. I've managed to manually download the gpg file at http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg and the sha512sum does match, and I can perform apt-key add, but when I then attempt either apt update or apt-get update, the process errors due to certificate verification failure (could not handshake 144.217.255.162:443). The gpg file is dated 23-may-2019.

 

[matrix]

may you post full output of apt update command?

 

[fabian]

you probably configured a wrong repository? without subscription, the correct one (for PVE) is

deb http://ftp.debian.org/debian buster main contrib
deb http://ftp.debian.org/debian buster-updates main contrib

# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve buster pve-no-subscription

# security updates
deb http://security.debian.org/debian-security buster/updates main contrib

 

[castillian]

you probably configured a wrong repository?

Nope.

 

[castillian]

may you post full output of apt update command?

Here's the output, in two parts. First STDOUT:

Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://ftp.us.debian.org/debian buster InRelease
Hit:3 http://ftp.us.debian.org/debian buster-updates InRelease
Ign:4 https://download.proxmox.com/debian/pve buster InRelease
Err:5 https://download.proxmox.com/debian/pve buster Release
  Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected.  Could not handshake: Error in the certificate verification. [IP: 144.217.225.162 443]
Reading package lists...

And here's STDERR:

E: The repository 'https://download.proxmox.com/debian/pve buster Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

And here's the relevant line in my apt sources.list

  deb https://download.proxmox.com/debian/pve buster pve-no-subscription

 

[tom]

deb https://download.proxmox.com/debian/pve buster pve-no-subscription

This line is wrong, there is no https here.

See again https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_package_repositories

 

[castillian]

This line is wrong, there is no https here.

See again https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_package_repositories

Confirmed. Thanks, Tom. Uh, how do I mark this thread "closed" or "resolved" or "fixed"?

 

[janssensm]

On top of the page, next to watch or unwatch button, there's a 3 dot button with pull down menu and "edit thread", you can set it to solved there.

 

[castillian]

On top of the page, next to watch or unwatch button, there's a 3 dot button with pull down menu and "edit thread", you can set it to solved there.

Thanks. Done.