前提・実現したいこと
EC2でyum updateやyum installを行いたい
ここに質問の内容を詳しく書いてください。
EC2でyum updateやyum installを行おうとすると
”CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none”と出てしまいます。
発生している問題・エラーメッセージ
エラーメッセージ
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Could not retrieve mirrorlist http://amazonlinux-2-repos-ap-northeast.s3.dualstack.ap-northeast-1.amazonaws.com/2/core/latest/x86_64/mirror.list error was
14: curl#77 - "error setting certificate verify l-ocations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none"
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable <repoid> or subscription-manager repos --disable=<repoid> 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
Cannot find a valid baseurl for repo: amzn2-core/2/x86_64
試したこと
■方法①
オレオレ証明で作成した証明書の名前を「ca-bundle.crt」に変更し
/etc/pki/tls/certs/
に配置
■結果→
14: curl#60 - "SSL certificate problem: unable to get local issuer certificate"
■方法②
エンドポイント追加
VPCに以下のエンドポイントを追加しました。
サービス名
com.amazonaws.ap-northeast-1.s3
エンドポイントタイプ
Gateway
■結果→
14: curl#77 - "error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
方法③ Let's Encrypt 証明書の変更
sudo yum install https://cdn.amazonlinux.com/patch/ca-certificates-update-2021-09-30/ca-certificates-2021.2.50-72.amzn2.0.1.noarch.rpm
や
sudo sed -i'' '/DST Root CA X3/,/[p11-kit-object-v1]/d' /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
sudo update-ca-trust
を行うも
14: curl#77 - "error setting certificate verify l-ocations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none"
と変わらず。
参考
https://aws.amazon.com/jp/premiumsupport/knowledge-center/ec2-expired-certificate/
補足情報(FW/ツールのバージョンなど)
ping でエンドポイントやyahooなどに飛ばすとつながります。
サブネットはパブリックサブネットです。
構成は
EC2(web1号機)
EC2(web2号機)
RDS
になっております。
初心者ですがもうどうすればよいのかわかりません・・・
どなたかご回答いただければ大変助かります。。。
よろしくお願いいたします。
あなたの回答
tips
プレビュー