Installed the almalinux from DVD1 ISO in KVM hypervisor at home. Installation went fine and the end-result was a functioning Almalinux 8.4 installation.
However: I cannot update any packages, the problem seems to be with TLS/SSL and the mirrorlist.
The error is:
[lieven@localhost ~]$ sudo dnf update [sudo] password for lieven: AlmaLinux 8 - BaseOS 0.0 B/s | 0 B 00:00 Errors during downloading metadata for repository 'baseos': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirror.nl.altushost.com/almalinux/8/BaseOS/x86_64/os/repodata/repomd.xml [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'baseos': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
So far I’ve tried the following and combinations of the following:
using a fixed mirror (from the website here → see above error) instead of the mirrorlist as it comes with the default dvd iso installation. (mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos)
tried http (instead of https)
downloaded the letsencrypt ca intermediates in “/etc/pki/ca-trust/source/anchors/” and executed “update-ca-trust”
used update-crypto-policies to switch between DEFAULT, FUTURE and FIPS (enabled fips-mode-setup as well + reboot)
disabled GPG check (though I don’t really see how that has to do with the shown error )
almost forgot: default install comes with old ca-certificates (ca-certificates-2020.2.41-80.0.el8_2.src.rpm) so I manually put the new one on the server and installed it with “sudo rpm -Uvh /tmp/ca-certificates-2021.2.50-80.0.el8_4.noarch.rpm”
What should I try next?