Opkg update problem - Invalid SSL certificate (Letsencrypt global root cert expiration)

opkg update gets:

root@Repeater_WZ:/# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/base/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/luci/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/routing/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/telephony/Packages.gz, wget returned 5.
root@Repeater_WZ:/#


wget gets:

root@Repeater_WZ:/# wget https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.gz'
Connecting to 2a01:4f8:251:321::2:443
Connection error: Invalid SSL certificate
root@Repeater_WZ:/#

Yesterday all was fine ..

1 Like

Me too, you are not alone. Maybe the servers are down?

First guess:
Probably due to letsencrypt root certificate expiration today...

See

1 Like
Executing package manager
Downloading https://downloads.openwrt.org/releases/21.02.0/targets/ramips/mt7621/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/targets/ramips/mt7621/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz
Errors
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/targets/ramips/mt7621/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/base/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/luci/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/routing/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.0/packages/mipsel_24kc/telephony/Packages.gz, wget returned 5.
The opkg update command failed with code 6.

This is the error that I get.

same error for me too
and....

Downloading 'https://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages/Packages.g'
Connecting to 168.119.138.211:443
Connection error: Invalid SSL certificate

Me too.
All our routers using 21.02.0 are experiencing this.
The one using 19.07.7 and openSSL seems fine.
Error:

root@OpenWRT:/tmp# curl -v https://downloads.openwrt.org/releases/21.02.0/packages/arm_cortex-a15_neon-vfpv4/telephony/Packages.gz
*  CA signer not available for verification
curl: (77)  CA signer not available for verification

The cert is in /etc/ssl/certs/ca-certificates.crt. As the other thread for badcert-expired hints at, problem might be the wolfssl libraries.

You can temporarily use opkg with a --no-check-certificate key.

6 Likes

oooh...thank you for that tip!

1 Like

Or you can edit the /etc/opkg/distfeeds.conf and change all https to http

1 Like
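Added example, not part of the original thread: a shell helper that lists feeds in an opkg feed file fetched over plain HTTP and switches them back to HTTPS once certificate validation works again, keeping a backup. The function names and the sample feed file are constructed for illustration; on a router the file would be /etc/opkg/distfeeds.conf.

```shell
#!/bin/sh
# Audit and undo the https -> http feed change in an opkg feed file.
# Feed lines have the form: src/gz <name> <url>

# Write a constructed sample feed file (two feeds downgraded to http).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, modelled on the 21.02.0 feeds quoted in this thread
src/gz openwrt_core http://downloads.openwrt.org/releases/21.02.0/targets/ath79/generic/packages
src/gz openwrt_base https://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/base
src/gz openwrt_luci http://downloads.openwrt.org/releases/21.02.0/packages/mips_24kc/luci
EOF
}

# Print the names of feeds that are fetched over plain HTTP.
list_http_feeds() {
    awk '($1 == "src/gz" || $1 == "src") && $3 ~ /^http:\/\// { print $2 }' "$1"
}

# Switch every plain-HTTP feed back to HTTPS; the original is kept as <file>.bak.
restore_https() {
    conf="$1"
    cp "$conf" "$conf.bak" || return 1
    awk '($1 == "src/gz" || $1 == "src") && $3 ~ /^http:\/\// {
             sub(/^http:\/\//, "https://", $3)
         }
         { print }' "$conf.bak" > "$conf"
}

# Usage on a device (paths as given in the thread):
#   list_http_feeds /etc/opkg/distfeeds.conf
#   restore_https   /etc/opkg/distfeeds.conf && opkg update
```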

I started installing 21.02 just now for the very first time, and ran into this.
That timing, what are the odds? Just my luck lol

1 Like
2 Likes
