downloads from dl.gitea.io fail because of cert error. invalid cert (outdated/expired) #8091

Closed
opened 2025-11-02 07:53:39 -06:00 by GiteaMirror · 4 comments

Originally created by @flobee on GitHub (Nov 11, 2021).

could not find a better place to put in this issue.

wget result (limited):

```
https://dl.gitea.io/gitea/...
Auflösen des Hostnamens »dl.gitea.io (dl.gitea.io)« … , ...
Verbindungsaufbau zu dl.gitea.io (dl.gitea.io)|
HTTP-Anforderung gesendet, auf Antwort wird gewartet … 307 Temporary Redirect
Platz: https://storage.gitea.io/gitea-artifacts/gitea/1.12.3/gitea-1.12.3-linux-amd64?X-Amz-Algorithm=AWS4-HMAC-SHA256&..
Signature=4b0ac541059b369c2031a08fc1d629e2398a5c871c493b9311f8732c1... [folgend]
--2021-11-11 11:46:33--  https://storage.gitea.io/gitea-artifacts/gitea/1.12.3/gitea-1.12.3-linux-amd64?X-Amz-...Amz-Signature=4b0ac541059b369c2031a08fc1d629e2398a5c871c493b9311f873...
Auflösen des Hostnamens »storage.gitea.io (storage.gitea.io)« … 
Verbindungsaufbau zu storage.gitea.io (storage.gitea.io)| … verbunden.
FEHLER: Dem Zertifikat von »storage.gitea.io« wird nicht vertraut. (Not Trusted)
FEHLER: Das Zertifikat von »storage.gitea.io« ist abgelaufen. (Expired!)
```
GiteaMirror added the issue/needs-feedback label 2025-11-02 07:53:39 -06:00

@wxiaoguang commented on GitHub (Nov 11, 2021):

I can not reproduce your problem on my side. If you keep meeting the problem, please provide `curl -v` with details (**full output**).

```
% curl https://storage.gitea.io/
* Server certificate:
*  subject: CN=storage.gitea.io
*  start date: Nov  9 16:24:18 2021 GMT
*  expire date: Feb  7 16:24:17 2022 GMT
*  subjectAltName: host "storage.gitea.io" matched cert's "storage.gitea.io"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
```

@silverwind commented on GitHub (Nov 11, 2021):

Likely related to https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/, make sure your root certificates are updated.


@flobee commented on GitHub (Nov 15, 2021):

no.. a download shows a downloaded file including html code to go to a new url.

curl --output /tmp/gitea https://dl.gitea.io/gitea/1.12.3/gitea-1.12.3-linux-amd64

```
ls -al /tmp/gitea
-rw-r--r-- 1 root root 400 Nov 15 12:56 /tmp/gitea

--> content: -->-
<a href="https://storage.gitea.io/gitea-artifacts/gitea/1.12.3/gitea-1.12.3-linux-amd64?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=SU5ZZ3Q6D6AFIQSCOO65%2F20211115%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20211115T115657Z&amp;X-Amz-Expires=600&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=b02acb96a4628c0138d1ddc139b4def6ecefa9b5707e718bcd8c68106c28bf66">Temporary Redirect</a>.
--<--
```

curl -v output:

```
curl -v https://dl.gitea.io/gitea/1.12.3/gitea-1.12.3-linux-amd64
*   Trying 104.21.60.7...
* TCP_NODELAY set
* Connected to dl.gitea.io (104.21.60.7) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul  1 00:00:00 2021 GMT
*  expire date: Jun 30 23:59:59 2022 GMT
*  subjectAltName: host "dl.gitea.io" matched cert's "*.gitea.io"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55ba35889e30)
> GET /gitea/1.12.3/gitea-1.12.3-linux-amd64 HTTP/1.1
> Host: dl.gitea.io
> User-Agent: curl/7.52.1
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 307 
< date: Mon, 15 Nov 2021 11:47:12 GMT
< content-type: text/html; charset=utf-8
< location: https://storage.gitea.io/gitea-artifacts/gitea/1.12.3/gitea-1.12.3-linux-amd64?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=SU5ZZ3Q6D6AFIQSCOO65%2F20211115%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211115T114711Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=9c07f715d324f588a2abd9e1055caab9ce28c930cd65630504f6cb3678ed67b6
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AiL3d4A%2BPhLC6pjp4Dw6kUJXNmHdUd92Bwy2CIawtnZeyB4RTOIz5DGHj5V3gYxyA0vqZt1Mn%2BncpNGXDId%2B3lq0V4h73LsPEgDzsu%2Ftnt0XcfvszRchRxov2trf%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6ae83e4fcc284c74-AMS
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
< 
<a href="https://storage.gitea.io/gitea-artifacts/gitea/1.12.3/gitea-1.12.3-linux-amd64?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=SU5ZZ3Q6D6AFIQSCOO65%2F20211115%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20211115T114711Z&amp;X-Amz-Expires=600&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=9c07f715d324f588a2abd9e1055caab9ce28c930cd65630504f6cb3678ed67b6">Temporary Redirect</a>.

* Curl_http_done: called premature == 0
* Connection #0 to host dl.gitea.io left intact
```

@Gusted commented on GitHub (Nov 15, 2021):

> no.. a download shows a downloaded file including html code to go to a new url.
>
> curl --output /tmp/gitea https://dl.gitea.io/gitea/1.12.3/gitea-1.12.3-linux-amd64

You've to tell cURL to follow the redirect (`Location` header in this case) by passing the `-L` argument, which then will simply work as expected:

```sh
-> % curl -L --output /tmp/gitea https://dl.gitea.io/gitea/1.12.3/gitea-1.12.3-linux-amd64
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   400    0   400    0     0   5327      0 --:--:-- --:--:-- --:--:--  5333
100  101M  100  101M    0     0  24.9M      0  0:00:04  0:00:04 --:--:-- 26.9M
```

```sh
-> % ls -lh /tmp/gitea 
-rw-r--r-- 1 gusted gusted 102M 15 nov 13:06 /tmp/gitea
```
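Added example, not part of the thread or of Gitea's own tooling: a download wrapper that follows the redirect over HTTPS only and refuses to install a response that is not an ELF binary, which catches the 400-byte HTML body saved as `/tmp/gitea` above. The function names and the `storage.example.invalid` sample URL are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names; not from the thread or Gitea).

# is_elf FILE: true when FILE starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# classify_download FILE: prints elf, html-stub or unknown.
classify_download() {
    if is_elf "$1"; then
        echo elf
    elif head -c 512 "$1" | grep -Eqi '<a href=|<html'; then
        echo html-stub      # e.g. the body of an unfollowed 307 response
    else
        echo unknown
    fi
}

# accept_download TMP DEST: install TMP as DEST only if it is an ELF binary;
# otherwise delete it and return 2.
accept_download() {
    kind=$(classify_download "$1")
    if [ "$kind" != elf ]; then
        echo "refusing download: got $kind, expected an ELF binary" >&2
        rm -f "$1"
        return 2
    fi
    mv "$1" "$2"
}

# fetch_release URL DEST: -f fails on HTTP errors, -L follows the redirect,
# --proto/--proto-redir keep every hop on HTTPS. Certificate verification
# stays on (no -k), so an untrusted or expired chain still aborts.
fetch_release() {
    tmp=$(mktemp) || return 1
    curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$1" ||
        { rm -f "$tmp"; return 1; }
    accept_download "$tmp" "$2"
}

# Constructed sample: an HTML redirect body like the one saved in the thread.
sample=$(mktemp)
printf '<a href="https://storage.example.invalid/x">Temporary Redirect</a>.\n' >"$sample"
echo "sample classified as: $(classify_download "$sample")"
rm -f "$sample"
```

Call it as `fetch_release URL DEST`; a type check like this does not replace verifying the release against a published checksum or signature.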
Reference: github-starred/gitea#8091