You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary
ca-certificates doesn't include the new Lets Encrypt CA which prevents opkg update and other opkg actions as wget rejects the certs for https://downloads.openwrt.org
Supply the following if possible:
Device problem occurs on
Zbtlink ZBT-WG3526 (16M)
Software versions of OpenWrt/LEDE release, packages, etc.
OpenWrt 21.02.0 r16279-5cc0535800 / LuCI openwrt-21.02 branch git-21.231.26241-422c175
ca-certificates 20210119-1
Attached is the certificate chain that is problematic for this version of openwrt. My browser (Firefox 92.0.1 (64-bit) on macOS 11.6) has no issues with this CA chain.
Workaround, run the opkg commands directly (not through LuCI) and add the flag --no-check-certificate
Example opkg update --no-check-certificate&& opkg install ca-certificates --no-check-certificate
The text was updated successfully, but these errors were encountered:
RichardoC:
Summary
ca-certificates doesn't include the new Lets Encrypt CA which prevents opkg update and other opkg actions as wget rejects the certs for https://downloads.openwrt.org
Supply the following if possible:
Zbtlink ZBT-WG3526 (16M)
OpenWrt 21.02.0 r16279-5cc0535800 / LuCI openwrt-21.02 branch git-21.231.26241-422c175
ca-certificates 20210119-1
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.0/targets/ramips/mt7621/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/targets/ramips/mt7621/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/base/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/luci/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/packages/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/routing/Packages.gz
Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz
Collected errors:
opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz, wget returned 5.
Testing the wget directly
root@OpenWrt:~# wget https://downloads.openwrt.org/releases/21.02.0/packages/mip
sel_24kc/telephony/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz'
Connecting to 168.119.138.211:443
Connection error: Invalid SSL certificate
Attached is the certificate chain that is problematic for this version of openwrt. My browser (Firefox 92.0.1 (64-bit) on macOS 11.6) has no issues with this CA chain.
Workaround, run the opkg commands directly (not through LuCI) and add the flag
--no-check-certificate
Example
opkg update --no-check-certificate&& opkg install ca-certificates --no-check-certificate
The text was updated successfully, but these errors were encountered: