1 Topic by Ice-Cue

  • Ice-Cue
  • Member
  • Offline
  • Registered: 2020-04-23
  • Posts: 10

Topic: Sogo Updating on Ubuntu

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

does anyone know how i can Fix the Release Certification issue on upgrading Sogo?

I Try to upgrade with "apt-get install --only-upgrade sogo sogo-activesync"


root@webmail ~ # apt-get install --only-upgrade sogo sogo-activesync
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  sogo sogo-activesync
2 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 21.2 MB of archives.
After this operation, 7,168 B of additional disk space will be used.
Err:1 https://packages.inverse.ca/SOGo/nightly/4/ubuntu bionic/bionic amd64 sogo-activesync amd64 4.3.2.20200528-1
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 192.95.20.194 443]
Err:2 https://packages.inverse.ca/SOGo/nightly/4/ubuntu bionic/bionic amd64 sogo amd64 4.3.2.20200528-1
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 192.95.20.194 443]
E: Failed to fetch https://packages.inverse.ca/SOGo/nightly/4/ubuntu/pool/bionic/s/sogo/sogo-activesync_4.3.2.20200528-1_amd64.deb  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 192.95.20.194 443]
E: Failed to fetch https://packages.inverse.ca/SOGo/nightly/4/ubuntu/pool/bionic/s/sogo/sogo_4.3.2.20200528-1_amd64.deb  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 192.95.20.194 443]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

thnaks alot for your help.
greets,
Ice-Cue

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by websavages

  • websavages
  • Member
  • Offline
  • Registered: 2020-05-26
  • Posts: 9

Re: Sogo Updating on Ubuntu

If you check https://packages.inverse.ca/SOGo/nightly/4/ubuntu in a web browser you'll see that there isn't a problem with the SSL cert on the inverse.ca side.

This is further underlined by the error message which states "Certificate verification failed: The certificate is NOT trusted" i.e. your ubuntu install doesn't trust whoever signed the Inverse SSL certs.

This isn't an iRedMail problem it's an Ubuntu problem and there are plenty of website which can help you. Make google do the hard work for you.

Cheers ws

3 Reply by Johnny007

  • Johnny007
  • Member
  • Offline
  • Registered: 2020-05-29
  • Posts: 32

Re: Sogo Updating on Ubuntu

Hello Ice-cue

Try the link below, BUT please place the option in a newly created file for exception ONLY.

https://unix.stackexchange.com/question … ertificate

Hopefully that works. I remember once using that, and it helped.

Also you can try updating your CA Certificates

4 Reply by websavages

  • websavages
  • Member
  • Offline
  • Registered: 2020-05-26
  • Posts: 9

Re: Sogo Updating on Ubuntu

Having done a bit more digging, it would appear that the intermediate certificate in the chain for packages.inverse.ca has just expired (expiry date set to: May 30 @ 11.48 BST).

At some stage someone at Inverse will work this out and update the SSL cert.

In short, be patient. there is nothing broken.

Cheers ws

5 Reply by Johnny007

  • Johnny007
  • Member
  • Offline
  • Registered: 2020-05-29
  • Posts: 32

Re: Sogo Updating on Ubuntu

websavages wrote:

Having done a bit more digging, it would appear that the intermediate certificate in the chain for packages.inverse.ca has just expired (expiry date set to: May 30 @ 11.48 BST).

At some stage someone at Inverse will work this out and update the SSL cert.

In short, be patient. there is nothing broken.

Cheers ws

Great find smile smile ... I was just digging around a bit, as I saw same thing come up.

But, if you don't want to wait around, temporarily, you can turn off Certification Verification. Install it, and then turn it back on.

6 Reply by Ice-Cue

  • Ice-Cue
  • Member
  • Offline
  • Registered: 2020-04-23
  • Posts: 10

Re: Sogo Updating on Ubuntu

Johnny007 wrote:
websavages wrote:

Having done a bit more digging, it would appear that the intermediate certificate in the chain for packages.inverse.ca has just expired (expiry date set to: May 30 @ 11.48 BST).

At some stage someone at Inverse will work this out and update the SSL cert.

In short, be patient. there is nothing broken.

Cheers ws

Great find smile smile ... I was just digging around a bit, as I saw same thing come up.

But, if you don't want to wait around, temporarily, you can turn off Certification Verification. Install it, and then turn it back on.




thanks alot,

you boys made my day :-)

7 Reply by Davesworld (edited by Davesworld 2020-05-31 04:15:51)

  • Davesworld
  • Member
  • Offline
  • Registered: 2013-04-15
  • Posts: 8

Re: Sogo Updating on Ubuntu

websavages wrote:

If you check https://packages.inverse.ca/SOGo/nightly/4/ubuntu in a web browser you'll see that there isn't a problem with the SSL cert on the inverse.ca side.

This is further underlined by the error message which states "Certificate verification failed: The certificate is NOT trusted" i.e. your ubuntu install doesn't trust whoever signed the Inverse SSL certs.

This isn't an iRedMail problem it's an Ubuntu problem and there are plenty of website which can help you. Make google do the hard work for you.

Cheers ws

It also happens on Debian as of today whereas it was NOT a problem a few days ago.

8 Reply by Davesworld

  • Davesworld
  • Member
  • Offline
  • Registered: 2013-04-15
  • Posts: 8

Re: Sogo Updating on Ubuntu

Sadly I am trying to install a new instance and I really DO want sogo, it's worth the extra gig of memory it uses.

9 Reply by Johnny007

  • Johnny007
  • Member
  • Offline
  • Registered: 2020-05-29
  • Posts: 32

Re: Sogo Updating on Ubuntu

Davesworld wrote:

Sadly I am trying to install a new instance and I really DO want sogo, it's worth the extra gig of memory it uses.

Ok follow these steps closely (if using Debian / Ubuntu / CentOS)

1. Login to your server, make sure you have root access (Sudo or SU)
2. Go to the following directory /etc/apt/apt.conf.d/
3. Create a file with your favorite editor (I like NANO)

nano 80ssl-exceptions

4. Copy paste the following into the editor

Acquire::https::packages.inverse.ca::Verify-Peer "false";
Acquire::https::packages.inverse.ca::Verify-Host "false";

5. Save that file
6. Run setup, this time it will go through and install SOGO and ignore the warnings

Once installation completes, go back to that folder above, and delete this file.

10 Reply by Davesworld (edited by Davesworld 2020-05-31 07:59:48)

  • Davesworld
  • Member
  • Offline
  • Registered: 2013-04-15
  • Posts: 8

Re: Sogo Updating on Ubuntu

Johnny007 wrote:
Davesworld wrote:

Sadly I am trying to install a new instance and I really DO want sogo, it's worth the extra gig of memory it uses.

Ok follow these steps closely (if using Debian / Ubuntu / CentOS)

1. Login to your server, make sure you have root access (Sudo or SU)
2. Go to the following directory /etc/apt/apt.conf.d/
3. Create a file with your favorite editor (I like NANO)

nano 80ssl-exceptions

4. Copy paste the following into the editor

Acquire::https::packages.inverse.ca::Verify-Peer "false";
Acquire::https::packages.inverse.ca::Verify-Host "false";

5. Save that file
6. Run setup, this time it will go through and install SOGO and ignore the warnings

Once installation completes, go back to that folder above, and delete this file.

That worked! Huge thanks to you!