in my company, there are several instances that are being backends for production, testing and other purposes. I am also a new employee in the company. Recently, all of the instances suddenly cannot receive any update using git or apt-get.
git fetch --all, the result is:fatal: unable to access 'https://[...].git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
After I saw the post, I use git config --global http.sslverify false and git fetch all again. the result is:
fatal: unable to access 'https://[...].git/': The requested URL returned error: 403
error: Could not fetch origin
That's very weird because I don't know it's a certification issue or user permission issue. Or just at the end it's a certification issue.
sudo apt-get update in this link, When I use sudo apt-get update, there are lots of errors:Ign:1 http://dl.google.com/linux/chrome/deb stable InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable Release
Ign:3 http://dl.google.com/linux/chrome/deb stable/main amd64 Packages.diff/Index
Ign:4 http://dl.google.com/linux/chrome/deb stable/main all Packages
Ign:5 http://dl.google.com/linux/chrome/deb stable/main Translation-en
Ign:6 http://dl.google.com/linux/chrome/deb stable/main amd64 Packages
Ign:4 http://dl.google.com/linux/chrome/deb stable/main all Packages
...
...
...
Ign:155 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security/main i386 Packages
Ign:147 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security/main all Packages
Ign:149 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security/main Translation-en
Ign:156 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main amd64 Packages
Ign:157 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main i386 Packages
Ign:152 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main all Packages
Ign:153 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main Translation-en
Err:154 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security/main amd64 Packages
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Ign:155 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security/main i386 Packages
Err:156 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main amd64 Packages
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Ign:157 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates/main i386 Packages
Reading package lists... Done
W: The repository 'http://dl.google.com/linux/chrome/deb stable Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://hk.archive.ubuntu.com/ubuntu xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://hk.archive.ubuntu.com/ubuntu xenial-updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'https://download.docker.com/linux/ubuntu xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://hk.archive.ubuntu.com/ubuntu xenial-backports Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://security.ubuntu.com/ubuntu xenial-security Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://ppa.launchpad.net/certbot/certbot/ubuntu xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'http://ppa.launchpad.net/deadsnakes/ppa/ubuntu xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'https://esm.ubuntu.com/infra/ubuntu xenial-infra-security Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: The repository 'https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages 403 Forbidden [IP: 142.251.220.78 80]
E: Failed to fetch http://hk.archive.ubuntu.com/ubuntu/dists/xenial-backports/restricted/binary-amd64/Packages 403 Forbidden [IP: 45.125.0.6 80]
E: Failed to fetch http://hk.archive.ubuntu.com/ubuntu/dists/xenial/main/binary-amd64/Packages 403 Forbidden [IP: 45.125.0.6 80]
E: Failed to fetch https://download.docker.com/linux/ubuntu/dists/xenial/stable/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
E: Failed to fetch http://hk.archive.ubuntu.com/ubuntu/dists/xenial-updates/main/binary-amd64/Packages 403 Forbidden [IP: 45.125.0.6 80]
E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages 403 Forbidden [IP: 91.189.91.82 80]
E: Failed to fetch http://ppa.launchpad.net/deadsnakes/ppa/ubuntu/dists/xenial/main/binary-amd64/Packages 403 Forbidden [IP: 185.125.190.80 80]
E: Failed to fetch http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/xenial/main/binary-amd64/Packages 403 Forbidden [IP: 185.125.190.80 80]
E: Failed to fetch https://esm.ubuntu.com/infra/ubuntu/dists/xenial-infra-security/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
E: Failed to fetch https://esm.ubuntu.com/infra/ubuntu/dists/xenial-infra-updates/main/binary-amd64/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
E: Some index files failed to download. They have been ignored, or old ones used instead.
It is really appreciated if anyone could provide some hints/ solutions for me because I have worked on these issues for days! The dis is Ubuntu 16.04.7 LTS, our team has used Let's Encrypt for certificate, thanks so much.
It looks like there are problems with the firewall. Maybe the FW cracks the encryption to check the packets. After the check the packet is encrypted again with a new internal certificate. If this is not installed on the system, the error appears.
Test:
ssh -vvv [User]@[URL]
Workaround: