[SOLVED] Secondary deposit certificate issue since update 2.6

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
djfb1
Messages: 7
Registration: February 7, 2025 - 8:57 AM

February 7, 2025 - 9:47 AM

Good morning,

Since the update from 2.5 to 2.6, I have been getting an error when installing packages on my PCs or servers at remote sites.
Secondary storage facilities are installed on these sites.
Here is the error message on the console:

Code: Select all

Erreur lors de l'installation de ['srv-bureautique.domain.local(=7)']: erreurs dans les paquets [[('https://srv-wapt.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None]
And the error message on the server where I'm trying to install the 7zip package:

Code: Select all

2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Error downloading package from http repository, please update... error : THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]
2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Error downloading some files : [('https://srv-secondaire.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]')]
2025-02-07 09:22:03,966 [waptcore WaptTaskManager 5200] CRITICAL Package ltm-7zip [x64_fr_PROD] not installed due to errors : EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.
Erreur lors de l'installation de ['ltm-7zip']: erreurs dans les paquets [[('https://srv-secondaire.domain.local.ltm.bzh/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None], [PackageRequest(package='ltm-7zip',architectures=['x64'],locales=['fr'],maturities=['PROD'],tags=['windows-2012serverr2', 'win-2012serverr2', 'w-2012serverr2', 'windows2012serverr2', 'win2012serverr2', 'w2012serverr2', 'windows', 'win', 'w'],min_os_version=Version('6.3.9600'),max_os_version=Version('6.3.9600')), PackageEntry('ltm-7zip','24.9-46' architecture='x64',maturity='PROD',target_os='windows'), 'Traceback (most recent call last):\n  File "C:\\Program Files (x86)\\wapt\\common.py", line 5471, in install\n    raise EWaptDownloadError(\'Package file %s not downloaded properly.\' % p.filename)\nwaptpackage.EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.\n']]
2025-02-07 09:22:03,966 [wapttasks WaptTaskManager 5200] CRITICAL Task error Installation de ltm-7zip (tâche #78): Exception: Erreur lors de l'installation de ['ltm-7zip']: erreurs dans les paquets [[('https://srv-secondaire.domain.local/wapt/ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt', 'THttpClientSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpenSslNetTls.AfterConnection connect: OpenSSL 30100070 error 1 [SSL_ERROR_SSL (error:0A000086:SSL routines::certificate verify failed) (self-signed certificate #18)]]'), None], [PackageRequest(package='ltm-7zip',architectures=['x64'],locales=['fr'],maturities=['PROD'],tags=['windows-2012serverr2', 'win-2012serverr2', 'w-2012serverr2', 'windows2012serverr2', 'win2012serverr2', 'w2012serverr2', 'windows', 'win', 'w'],min_os_version=Version('6.3.9600'),max_os_version=Version('6.3.9600')), PackageEntry('ltm-7zip','24.9-46' architecture='x64',maturity='PROD',target_os='windows'), 'Traceback (most recent call last):\n  File "C:\\Program Files (x86)\\wapt\\common.py", line 5471, in install\n    raise EWaptDownloadError(\'Package file %s not downloaded properly.\' % p.filename)\nwaptpackage.EWaptDownloadError: Package file ltm-7zip_24.9-46_x64_windows_5.0_PROD.wapt not downloaded properly.\n']]
Thank you for your help.

Debian Linux Server (2.6)
Secondary Linux Debian (2.6) repositories (secondary-srv)
Console installed on server 2022
Last edited by djfb1 on 07 Feb 2025 - 11:33, edited 1 time.
High
User avatar
dcardon
WAPT Expert
Messages: 1930
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

February 7, 2025 - 11:16

Hi Farid,

it seems the secondary repository is configured for HTTPS, but the certificate isn't being recognized. If you have an internal CA, could you add HTTPS certificates that are recognized by the agents? To test, could you configure your remote repository for HTTP instead of HTTPS? (From a security standpoint, the agent validates all downloads at the signature level, so having the secondary repositories in HTTP isn't a major issue.)

Regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
djfb1
Messages: 7
Registration: February 7, 2025 - 8:57 AM

February 7, 2025 - 11:30

Hi Denis,

Yes, it works over HTTP.
We don't use an internal CA.

I'll leave it as is.

Thanks.
High
User avatar
dcardon
WAPT Expert
Messages: 1930
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

February 7, 2025 - 11:40

Hi again Farid,

thanks for the feedback, :-) I'm marking the topic as RESOLVED.

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to "WAPT Server"


  • To go further with WAPT