Debian/Ubuntu apt download certificate expired

[tootai]

Description:

sudo apt update
Atteint :1 http://deb.debian.org/debian buster InRelease
Atteint :2 http://deb.debian.org/debian buster-updates InRelease
Atteint :3 http://security.debian.org/debian-security buster/updates InRelease
Ign :4 https://download.jitsi.org stable/ InRelease
Err :5 https://download.jitsi.org stable/ Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP : 2001:660:2402::22 443]

Steps to reproduce:

running apt update with jitsi repos activated

Expected behavior:

should not finish with error

Actual behavior:

upgrade not possible as ended with error

Server information:

• Jitsi Meet version: 2.0.4548-1
• Operating System: Debian 10 aka Buster

Client information:

• Browser / app version:NA
• Operating System:NA

Additional information:

NA

[norecords]

Hello,
I have the same problem on ubuntu 18.04 when trying to update to jitsi-meet 2.0.4627-1 via repo.

[luixxiul]

@jitsi/developers

[youthpolicy]

Seems to be caused by an AddTrust Root Expiration: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

[sj64]

Same issue - Ubuntu 20.04

Err:6 https://download.jitsi.org stable/ Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 2001:660:2402::22 443]

[pdarcos]

I think everyone is having this problem.
I'm having it too. Seems like a certificate expired.

Not much we can do until jitsi issues a new certificate.

[designamx]

I'm facing the same issue on a ubuntu 20.04

[LeekYT]

Is there an ETA for a fix?
Just curious, so I don't need to check every hour or so.

[luixxiul]

Since the issue is global among platforms, no new reports are required.

Is there an ETA for a fix?

While I don't have the authority to proceed stuff so I'm not sure, I'm afraid it could take a while over the weekend.

[luixxiul]

For update, please subscribe to this issue by clicking the button above right:

[CollapsedMetal]

Just a workaround... you can make apt-get to ignore certificates.
It is not recommended to do so, but if you cannot wait to update jitsi, just update & upgrade with this option.

apt-get update -o Acquire::https::download.jitsi.org::Verify-Peer=false
apt-get upgrade -o Acquire::https::download.jitsi.org::Verify-Peer=false

[aaronkvanmeerten]

I was able to reproduce the problem, although not come to a complete understanding of the nuance of the certificate chain issues. It's not a simple case of an expired certificate. We have worked around it for now, and I was able to confirm it working again for me. Please check again and re-open if you continue to have problems.

[c-goes]

It’s probably caused by APT using GnuTLS https://twitter.com/sleevi_/status/1266731836912422912