ERROR: cannot verify swupdate.openvpn.net's certificate

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
exeonid
OpenVpn Newbie
Posts: 1
Joined: Mon Nov 29, 2021 8:56 pm

ERROR: cannot verify swupdate.openvpn.net's certificate

Post by exeonid » Mon Nov 29, 2021 9:09 pm

Hi,
Please help me install stable version OpenVPN in Ubuntu18

I use this manual https://community.openvpn.net/openvpn/w ... twareRepos
but in result this error. Why?

Code: Select all

root@vm-ubuntu:~# wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
--2021-11-29 23:43:35--  https://swupdate.openvpn.net/repos/repo-public.gpg
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.109.96, 104.18.110.96
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.109.96|:443... connected.
ERROR: cannot verify swupdate.openvpn.net's certificate, issued by ‘CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Unable to locally verify the issuer's authority.
To connect to swupdate.openvpn.net insecurely, use `--no-check-certificate'.
gpg: no valid OpenPGP data found.
Then I try this manual https://openvpn.net/vpn-software-packages/ for Ubuntu18

Code: Select all

root@vm-ubuntu:~# wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
gpg: no valid OpenPGP data found.
WTF? Which manual I must use?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ERROR: cannot verify swupdate.openvpn.net's certificate

Post by TinCanTech » Tue Nov 30, 2021 1:45 pm

Both keys work for me ..

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: ERROR: cannot verify swupdate.openvpn.net's certificate

Post by openvpn_inc » Thu Dec 09, 2021 6:07 pm

Hello exeonid,

When you run this command:

Code: Select all

wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
It pipes the output of the wget command into the apt-key process. It can reasonably be assumed that on almost all systems doing a wget fetch on that URL will be successful and output the public Access Server repository GPG key. However, in your case, there seems to be a problem verifying the identity of the server, which stops wget, and results in incorrect or no output being piped into apt-key. Therefore no valid key data is loaded.

Looking at the error output that wget shows, your system is unable to verify the identity of the server:
"Unable to locally verify the issuer's authority."

I suggest you try to update your operating system first, and make sure the ca-certificates package is installed:

Code: Select all

apt update
apt upgrade
apt install ca-certificates
Once that is done your operating system should be up-to-date with latest packages and most importantly here with the latest CA certificates bundle which is used to verify the identity of certificates of public web servers like https://swupdate.openvpn.net/

I am reasonably sure the problems will then be resolved, unless something is interfering with your connection between your server and our swupdate.openvpn.net server, or if your operating system is not able to get the updates and packages required to verify the identity of our server correctly.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply