Clean install, dnf-makecache fails

I’ve got a clean minimal install. Installed and enabled the cockpit web-gui. that’s basically all I did.

Using the webgui I enabled automatic updates. Now this error pops up regularly:

dnf-makecache failed to start

Looking a bit further:
Curl error (35): SSL connect error for [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ]

Any ideas? I’m completely new to Rocky, coming from Debian.

1 Like

i got the same problem and still looking for an solution

What is the output of openssl s_client -connect

Is your system clock set correctly?

i got the fllowing result by runing your command:

# openssl s_client -connect
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 323 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

and here is my timezone settings, i come from china btw.

# timedatectl 
               Local time: 四 2021-08-05 16:15:07 CST
           Universal time: 四 2021-08-05 08:15:07 UTC
                 RTC time: 四 2021-08-05 08:15:07
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

I’ve got the same output. Time is OK. It’s set via NTP.
I’m connecting to a Polish mirror.

Interestingly, I can’t connect at all to on 443. gave me an error once and worked subsequently. This appears to be an issue with the mirrors. I think we were a little too readily accepting of mirrors and we need to start being more aggressive about pruning the low quality / troublesome ones.

I’ll bring this up with the infrastructure team (cc @neil @tgmux). In the meantime, please switch to a high quality reliable mirror ( should work well in your location).

Is there an easier way to do this then to change every repo file?

# Rocky-AppStream.repo
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client.  You should use this for Rocky updates unless you are
# manually picking other mirrors.
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.

name=Rocky Linux $releasever - AppStream

Extra information: the error doesn’t always occur. But when it succeeds, I have no clue which mirror it used.

you can check out the dnf log file at /var/log/dnf.log

sorry, some how , my network manager block some of the provide mirrors

another things get me confused, I’m using Rocky Linux 8.4, but while i try to find out what’s wrong with my mirror the other day, i happend to find out that the dnf lead my network action to the version 8 uri instead of 8.4 uri, i have to use the ‘–releaserver=8.4’ option to make it right, although this did not create any problem yet and i’m not sure whether it is a problem or it is intentional.

os version:

# rpm -qa | grep rocky-release

some of the dnf log :

SSL connect error for [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirr

I stopped using mirror list

sudo sed -i 's/^metalink/#metalink/g'     /etc/yum.repos.d/*
sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*
sudo sed -i 's/^#baseurl/baseurl/g'       /etc/yum.repos.d/*

and then hardcoded my closest mirror

sudo sed -i 's/baseurl=http\:\/\/dl\.rockylinux\.org\//baseurl=http\:\/\/syd\.mirror\.rackspace\.com\//g' /etc/yum.repos.d/*
sudo sed -i 's/pub\/rocky/rocky/g' /etc/dnf/vars/contentdir # different path on mirror

with thanks to Sed Script to update Yum Repo Data · GitHub

I tried this fix and came up with a different error. I went from a “Curl error 60” to a “Curl error 28”. Looks like it is timing out somewhere. My Ubuntu server VM on the same host is working fine, so may be connectivity to the Rocky mirror.

[jcole@rocky ~]$ sudo dnf update
Rocky Linux 8 - AppStream 4.5 kB/s | 561 kB 02:03
Errors during downloading metadata for repository ‘appstream’:

Hi bug4j, I’m not much of an expert, but for what it’s worth,

I’m in Australia, so those last two lines are for a specific mirror close to me:

  1. first line changes the source to
  2. second line removes the /pub from /pub/rocky in the path it’s reading from, because that mirror doesn’t have the extra directory

So you might want to one closer to you

  1. chose one from the mirror list and update the baseurl in your /etc/yum.repos.d/* files
  2. confirm what the path to rocky is on that mirror (/pub/rocky, or just /rocky, or something else) and reflect in /etc/dnf/vars/contentdir

Hi folks, apologies for the delay here. I missed the notification on the forums.

I am looking into this and will have an update as soon as I can!

1 Like

Bump this topic…

Fresh install Rocky 8.5:

Error: Failed to download metadata for repo ‘extras’: Cannot download repomd.xml: Status code: 404 for (IP:

There still are some mirrors that don’t fully comply.