<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><div style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt;"><div data-sigid="2478883000000007012" data-zbluepencil-ignore="true" id="Zm-_Id_-Sgn"><div><div>Did the final curl complain about an expired certificate?<br></div><div><br></div><div> curl <a href="https://deb.torproject.org/torproject.org/" style="color: rgb(0,0,238);" target="_blank">https://deb.torproject.org/torproject.org/</a> <br></div><div><br></div><div><br></div><div>If so, that might indicate you've got OpenSSL 1.0, try<br></div><div><br></div><div> openssl version<br></div><div><br></div><div>If that's the case, then really you need to get that (and/or the underlying OS) updated.<br></div><div><br></div><div>In the short term, we can address this by commenting out the expired root in your trust store.<br></div><div><br></div><div> sudo -s<br></div><div> cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup<br></div><div> sed -i '/^mozilla\/DST_Root_CA_X3.crt$/ s/^/!/' /etc/ca-certificates.conf<br></div><div> update-ca-certificates<br></div><div><br></div><div>Then try the curl again<br></div><div><br></div><div> curl <a target="_blank" style="color: rgb(0,0,238);" href="https://deb.torproject.org/torproject.org/">https://deb.torproject.org/torproject.org/</a><br></div><div><br></div><div>It should no longer complain about the certificate having expired. If it now complains that the certificate isn't trusted, then the X1 cert isn't properly installed and we'll have to look at that.<br></div><div><br></div><div><br></div></div></div><br><div id="Zm-_Id_-Sgn" data-zbluepencil-ignore="true" data-sigid="2478883000000007012"><div><br></div><div>-- <br>Ben Tasker<br><a href="https://www.bentasker.co.uk" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">https://www.bentasker.co.uk</a></div></div><br><div class="zmail_extra" data-zbluepencil-ignore="true"><div><br></div><div id="Zm-_Id_-Sgn1">---- On Sun, 08 May 2022 15:49:18 +0100 <b>Keifer Bly <keifer.bly@gmail.com></b> wrote ----<br></div><div><br></div><blockquote style="border-left: 1px solid rgb(204, 204, 204); padding-left: 6px; margin: 0px 0px 0px 5px;"><div><div dir="auto">I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.<br><br><div>--Keifer<br></div></div><br><div class="x_-1106058792gmail_quote"><div dir="ltr" class="x_-1106058792gmail_attr">On Sat, May 7, 2022, 10:54 AM Keifer Bly <<a href="mailto:keifer.bly@gmail.com" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">keifer.bly@gmail.com</a>> wrote:<br></div><blockquote class="x_-1106058792gmail_quote" style="margin: 0 0 0 0.8ex;border-left: 1.0px rgb(204,204,204) solid;padding-left: 1.0ex;"><div dir="auto">I am running as the root user.<br><br><div>--Keifer<br></div></div><br><div class="x_-1106058792gmail_quote"><div dir="ltr" class="x_-1106058792gmail_attr">On Sat, May 7, 2022, 10:50 AM Keifer Bly <<a href="mailto:keifer.bly@gmail.com" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">keifer.bly@gmail.com</a>> wrote:<br></div><blockquote class="x_-1106058792gmail_quote" style="margin: 0 0 0 0.8ex;border-left: 1.0px rgb(204,204,204) solid;padding-left: 1.0ex;"><div dir="auto">Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.<div dir="auto"><br><div dir="auto">--Keifer<br></div></div></div><br><div class="x_-1106058792gmail_quote"><div dir="ltr" class="x_-1106058792gmail_attr">On Thu, May 5, 2022, 8:41 AM ben <<a href="mailto:ben@bentasker.co.uk" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">ben@bentasker.co.uk</a>> wrote:<br></div><blockquote class="x_-1106058792gmail_quote" style="margin: 0 0 0 0.8ex;border-left: 1.0px rgb(204,204,204) solid;padding-left: 1.0ex;"><u></u><div><div style="font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 10.0pt;"><div>> Simply displays a message "no valid openpgp data found". My sources file<br></div><div><br></div><div>You'll see this because your system doesn't trust the cert chain.<br></div><div><br></div><div>You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)<br></div><div><br></div><div>If you run<br></div><div><br></div><div> wget <a style="color: rgb(0,0,238);" href="https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88" target="_blank">https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88</a>6DDD89.asc<br></div><div><br></div><div id="x_-1106058792m_-1982268036328116603m_6629974270280983121m_-7757692199310622081Zm-_Id_-Sgn"><div>I suspect you'll see the certificate warning.<br></div><div><br></div><div>You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.<br></div><div><br></div><div>As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually<br></div><div><br></div></div><div> # Verify that this gives a cert warning<br></div><div> curl <a href="https://deb.torproject.org/torproject.org/" style="color: rgb(0,0,238);" target="_blank">https://deb.torproject.org/torproject.org/</a> <br></div><div><br></div><div> curl -k --output "/tmp/ISRG_Root_X1.crt" "<a href="https://letsencrypt.org/certs/isrgrootx1.pem.txt" style="color: rgb(0,0,238);" target="_blank">https://letsencrypt.org/certs/isrgrootx1.pem.txt</a>"<br></div><div> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/<br></div><div> sudo update-ca-certificates<br></div><div><br></div><div> # Now try again<br></div><div> curl <a href="https://deb.torproject.org/torproject.org/" style="color: rgb(0,0,238);" target="_blank">https://deb.torproject.org/torproject.org/</a> <br></div><div><br></div><div id="x_-1106058792m_-1982268036328116603m_6629974270280983121m_-7757692199310622081Zm-_Id_-Sgn"><div>If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo<br></div><div><br></div><div><br></div><div>-- <br>Ben Tasker<br><a href="https://www.bentasker.co.uk" style="color: rgb(0,0,238);" target="_blank">https://www.bentasker.co.uk</a></div></div><div><div><br></div><div id="x_-1106058792m_-1982268036328116603m_6629974270280983121m_-7757692199310622081Zm-_Id_-Sgn1">---- On Thu, 05 May 2022 13:21:22 +0100 <b> <<a href="mailto:lists@for-privacy.net" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">lists@for-privacy.net</a>></b> wrote ----<br></div><div><br></div><blockquote style="border-left: 1.0px solid rgb(204,204,204);padding-left: 6.0px;margin: 0.0px 0.0px 0.0px 5.0px;"><div>On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote: <br>> Thank you. But running wget -qO- <br>> <a href="https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88" style="color: rgb(0,0,238);" target="_blank">https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88</a> <br>> 6DDD89.asc <br>> <br>> gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null <br> <br>Maybe copy paste error. It must be one line and you must be root or type <br>'sudo' in front of it. Maybe you can better copy from here: <br> <br>3. Then add the gpg key ... <br><a href="https://support.torproject.org/apt/" style="color: rgb(0,0,238);" target="_blank">https://support.torproject.org/apt/</a> <br> <br>> Simply displays a message "no valid openpgp data found". My sources file <br> <br>If this message appears again, install gpg: <br>sudo apt update && apt -y install gnupg <br> <br>-- <br>╰_╯ Ciao Marco! <br> <br>Debian GNU/Linux <br> <br>It's free software and it gives you freedom!_______________________________________________ <br>tor-relays mailing list <br><a href="mailto:tor-relays@lists.torproject.org" style="color: rgb(0,0,238);" target="_blank">tor-relays@lists.torproject.org</a> <br><a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" style="color: rgb(0,0,238);" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a> <br></div></blockquote></div><div><br></div></div><br></div>_______________________________________________<br> tor-relays mailing list<br> <a href="mailto:tor-relays@lists.torproject.org" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">tor-relays@lists.torproject.org</a><br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br></blockquote></div></blockquote></div></blockquote></div>_______________________________________________<br>tor-relays mailing list <br><a href="mailto:tor-relays@lists.torproject.org" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">tor-relays@lists.torproject.org</a> <br><a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank" style="color: rgb(0, 0, 238);" data-zeanchor="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a> <br></div></blockquote></div><div><br></div></div><br></body></html>