Re: [tor-relays] Update on tor issue on my debian

[Keifer Bly <keifer.bly@xxxxxxxxx>]

Well, after deleting those files, etc, here is the terminal output when running apt-get update.

root@vps-3e661acc:/home/debian# root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-backports InRelease
Ign:4 https://deb.torproject.org/torproject.org buster InRelease
Ign:5 https://deb.torproject.org/torproject.org buster Release
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Err:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Reading package lists... Done
E: Failed to fetch https://deb.torproject.org/torproject.org/dists/buster/main/binary-amd64/Packages  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]

So, that appears to have fixed the updating from a respiratory issue. But I am wondering what is the terminal command to update the SSL certificate? Thanks.

--Keifer

On Fri, Jun 3, 2022 at 9:48 AM <lists@xxxxxxxxxxxxxxx> wrote:

On Wednesday, June 1, 2022 7:25:44 PM CEST Keifer Bly wrote:

> So upon trying all of the mentioned commands, my tor installation still
> encounters an error when trying to update. Attached is a photo of my
> sources.list.debian.templ and sources.list. When trying to update the
> returned error
sources.list.debian.temp
I would not change the template from the provider.

> 
>
> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has
> no filename extension
>
> N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/'
> as it has an invalid filename extension
>
> N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/'
> as it has an invalid filename extension
Dir '/etc/apt/sources.list.d/' is empty by default. I would delete all files
there. $ sudo rm -i /etc/apt/sources.list.d/*


> E: Conflicting values set for option Signed-By regarding source
> https://deb.torproject.org/torproject.org/ buster:
> /usr/share/keyrings/tor-archive-keyring.gpg !=
>
> E: The list of sources could not be read.

You have to configure it in either the Debian buster way or the new way since
Debian bullseye.

Old buster way + (apt-key add) in file: /etc/apt/sources.list
deb https://deb.torproject.org/torproject.org buster main

New bullseye way + (tor-archive-keyring) create a file in the directory:
'/etc/apt/sources.list.d/' with the name 'tor.list'
with just one line:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://
deb.torproject.org/torproject.org buster main


For Buster, you just have to delete the penultimate line:
deb http://ftp.de.debian.org/debian stretch main
and
[signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] in the last line
in /etc/apt/sources.list.


Other consideration:
(You must upgrade buster to bullseye, your certificates may still be out of
date, your tor daemon is running as root!?, etc.)
nusenu gave tips on relay migration a few days ago.
- stop tor, save tor config and the entire datadir
Reinstall bullseye from the provider customer menu
- then copy over tor config and datadir, set the right permissions and let the
relay run again.

Tomorrow is a workshop from Torproject


--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays