
ERROR: cannot verify swupdate.openvpn.net's certificate

Posted: Mon Nov 29, 2021 9:09 pm
by exeonid
Hi,
Please help me install the stable version of OpenVPN on Ubuntu 18.

I used this manual https://community.openvpn.net/openvpn/w ... twareRepos
but the result is this error. Why?

Code:

root@vm-ubuntu:~# wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
--2021-11-29 23:43:35--  https://swupdate.openvpn.net/repos/repo-public.gpg
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.109.96, 104.18.110.96
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.109.96|:443... connected.
ERROR: cannot verify swupdate.openvpn.net's certificate, issued by ‘CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Unable to locally verify the issuer's authority.
To connect to swupdate.openvpn.net insecurely, use `--no-check-certificate'.
gpg: no valid OpenPGP data found.

Then I tried this manual https://openvpn.net/vpn-software-packages/ for Ubuntu 18

Code:

root@vm-ubuntu:~# wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -
gpg: no valid OpenPGP data found.

WTF? Which manual must I use?

Re: ERROR: cannot verify swupdate.openvpn.net's certificate

Posted: Tue Nov 30, 2021 1:45 pm
by TinCanTech
Both keys work for me ..

Re: ERROR: cannot verify swupdate.openvpn.net's certificate

Posted: Thu Dec 09, 2021 6:07 pm
by openvpn_inc
Hello exeonid,

When you run this command:

Code:

wget -qO - https://as-repository.openvpn.net/as-repo-public.gpg | apt-key add -

It pipes the output of the wget command into the apt-key process. It can reasonably be assumed that on almost all systems doing a wget fetch on that URL will be successful and output the public Access Server repository GPG key. However, in your case, there seems to be a problem verifying the identity of the server, which stops wget, and results in incorrect or no output being piped into apt-key. Therefore no valid key data is loaded.

Looking at the error output that wget shows, your system is unable to verify the identity of the server:
"Unable to locally verify the issuer's authority."

I suggest you try to update your operating system first, and make sure the ca-certificates package is installed:

Code:

apt update
apt upgrade
apt install ca-certificates

Once that is done, your operating system should be up to date with the latest packages and, most importantly here, with the latest CA certificates bundle, which is used to verify the identity of certificates of public web servers like https://swupdate.openvpn.net/

I am reasonably sure the problems will then be resolved, unless something is interfering with your connection between your server and our swupdate.openvpn.net server, or if your operating system is not able to get the updates and packages required to verify the identity of our server correctly.

Kind regards,
Johan
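
The failure mode described in the reply above (wget stops on the certificate error and apt-key receives empty input) can be made explicit by fetching the key to a file and checking the fetch before anything is imported. This is an added example, not part of the original thread or of OpenVPN's documentation; `fetch_key_checked` and `simulated_cert_failure` are hypothetical names, and the stub fetcher stands in for wget so the script runs offline.

```shell
#!/bin/sh
# Added example: fetch a repository key to a file and refuse to continue
# when the download failed or produced no data.
# Usage: fetch_key_checked OUTFILE CMD [ARGS...]
#   CMD must write the key to stdout, e.g. wget -qO - URL
fetch_key_checked() {
    _out=$1; shift
    _tmp=$(mktemp) || return 1
    _rc=0
    # Run the fetch on its own, not in a pipe, so its exit status is visible.
    "$@" > "$_tmp" || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        echo "fetch failed with exit status $_rc; nothing imported" >&2
        rm -f "$_tmp"
        return "$_rc"
    fi
    # A successful exit with an empty body is still not a key.
    if [ ! -s "$_tmp" ]; then
        echo "fetch returned no data; nothing imported" >&2
        rm -f "$_tmp"
        return 1
    fi
    mv "$_tmp" "$_out"
}

# Constructed stand-in for wget hitting the error from the thread.
# wget documents exit status 5 as "SSL verification failure".
simulated_cert_failure() {
    echo "ERROR: cannot verify certificate (simulated)" >&2
    return 5
}

# Demo: the failure is reported and no key file is left behind.
fetch_key_checked ./demo-key.gpg simulated_cert_failure \
    || echo "stopped before import, status $?"

# Real use on the system from the thread (needs network and root):
#   fetch_key_checked /tmp/repo-public.gpg \
#       wget -qO - https://swupdate.openvpn.net/repos/repo-public.gpg \
#     && apt-key add /tmp/repo-public.gpg
```

With this pattern the certificate error surfaces as the reason for the failure, instead of the downstream "gpg: no valid OpenPGP data found." message, and the fix remains the CA bundle update suggested above rather than `--no-check-certificate`.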