I’ve got a clean minimal install. Installed and enabled the cockpit web-gui. that’s basically all I did.
Using the webgui I enabled automatic updates. Now this error pops up regularly:
dnf-makecache failed to start
Looking a bit further:
Curl error (35): SSL connect error for https://ftp.ps.pl/pub/Linux/rockylinux/8.4/AppStream/x86_64/os/repodata/repomd.xml [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.ps.pl:443 ]
Any ideas? I’m completely new to Rocky, coming from Debian.
i got the same problem and still looking for an solution
What is the output of
openssl s_client -connect ftp.ps.pl:443?
Is your system clock set correctly?
i got the fllowing result by runing your command:
# openssl s_client -connect mirrors.sjtug.sjtu.edu.cn:443
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 323 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
and here is my timezone settings, i come from china btw.
Local time: 四 2021-08-05 16:15:07 CST
Universal time: 四 2021-08-05 08:15:07 UTC
RTC time: 四 2021-08-05 08:15:07
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
I’ve got the same output. Time is OK. It’s set via NTP.
I’m connecting to a Polish mirror.
Interestingly, I can’t connect at all to mirrors.sjtug.sjtu.edu.cn on 443. ftp.ps.pl gave me an error once and worked subsequently. This appears to be an issue with the mirrors. I think we were a little too readily accepting of mirrors and we need to start being more aggressive about pruning the low quality / troublesome ones.
I’ll bring this up with the infrastructure team (cc @neil @tgmux). In the meantime, please switch to a high quality reliable mirror (ftp.jaist.ac.jp should work well in your location).
Is there an easier way to do this then to change every repo file?
# The mirrorlist system uses the connecting IP address of the client and the
# update status of each mirror to pick current mirrors that are geographically
# close to the client. You should use this for Rocky updates unless you are
# manually picking other mirrors.
# If the mirrorlist does not work for you, you can try the commented out
# baseurl line instead.
name=Rocky Linux $releasever - AppStream
Extra information: the error doesn’t always occur. But when it succeeds, I have no clue which mirror it used.
you can check out the dnf log file at /var/log/dnf.log
sorry, some how , my network manager block some of the provide mirrors
another things get me confused， I’m using Rocky Linux 8.4, but while i try to find out what’s wrong with my mirror the other day, i happend to find out that the dnf lead my network action to the version 8 uri instead of 8.4 uri, i have to use the ‘–releaserver=8.4’ option to make it right, although this did not create any problem yet and i’m not sure whether it is a problem or it is intentional.
# rpm -qa | grep rocky-release
some of the dnf log :
SSL connect error for https://mirrors.sjtug.sjtu.edu.cn/rocky/8/AppStream/x86_64/os/repodata/repomd.xml [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirr
I stopped using mirror list
sudo sed -i 's/^metalink/#metalink/g' /etc/yum.repos.d/*
sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*
sudo sed -i 's/^#baseurl/baseurl/g' /etc/yum.repos.d/*
and then hardcoded my closest mirror
sudo sed -i 's/baseurl=http\:\/\/dl\.rockylinux\.org\//baseurl=http\:\/\/syd\.mirror\.rackspace\.com\//g' /etc/yum.repos.d/*
sudo sed -i 's/pub\/rocky/rocky/g' /etc/dnf/vars/contentdir # different path on mirror
with thanks to Sed Script to update Yum Repo Data · GitHub
I tried this fix and came up with a different error. I went from a “Curl error 60” to a “Curl error 28”. Looks like it is timing out somewhere. My Ubuntu server VM on the same host is working fine, so may be connectivity to the Rocky mirror.
[jcole@rocky ~]$ sudo dnf update
Rocky Linux 8 - AppStream 4.5 kB/s | 561 kB 02:03
Errors during downloading metadata for repository ‘appstream’:
Hi bug4j, I’m not much of an expert, but for what it’s worth,
I’m in Australia, so those last two lines are for a specific mirror close to me:
- first line changes the source to syd.mirror.rackspace.com
- second line removes the
/pub/rocky in the path it’s reading from, because that mirror doesn’t have the extra directory
So you might want to one closer to you
- chose one from the mirror list and update the
baseurl in your
- confirm what the path to rocky is on that mirror (
/pub/rocky, or just
/rocky, or something else) and reflect in
Hi folks, apologies for the delay here. I missed the notification on the forums.
I am looking into this and will have an update as soon as I can!
Bump this topic…
Fresh install Rocky 8.5:
Error: Failed to download metadata for repo ‘extras’: Cannot download repomd.xml: Status code: 404 for http://rockylinux.ip-connect.vn.ua/8.5/extras/x86_64/os/repodata/repomd.xml (IP: 184.108.40.206)
There still are some mirrors that don’t fully comply.