Installation using Debian (.DEB) packages -- certificate verification failed

Hi, I’m trying to follow the instructions to install XWiki on Ubuntu, here: https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationViaAPT/

When I try to run “apt-get update” it’s telling me that the certificate can’t be trusted:

Err:7 https://maven.xwiki.org stable/ Packages
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 92.222.135.198 443]

Anyone have any ideas what’s going on?

These days certificate errors like these are generally related to the change of root certificate of Let’s Encrypt, which affects old Debian distributions. In short, it’s too old to trust the TLS certificate of https://maven.xwiki.org. You might want to make sure that you are completely up to date; in some Debian distributions it’s enough to update some certificate package, and in others you are stuck, from what I understand.

Hi, did you manage to resolve the issue?
I have the same here.

If you are up to date with the other parts of the OS and still stuck, you can paste the following snippet into some new file in the directory /etc/apt/apt.conf.d/:

 Acquire::https::maven.xwiki.org::Verify-Peer "false";
 Acquire::https::maven.xwiki.org::Verify-Host "false";

This should disable the certificate check, but of course you have no protection if someone manages to impersonate maven.xwiki.org or does a man-in-the-middle attack. I guess the chances that this will happen are not very high, however.

Source of the solution idea: kali linux - Is it possible to have APT accept an "invalid" certificate? - Unix & Linux Stack Exchange

Or just use http instead of https for the repository :)
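
An added example, not part of any post in this thread: a POSIX shell audit that lists where the two workarounds suggested above are in effect (verification turned off in an apt.conf.d file, or a repository entry using http://), so they can be found and reverted once the CA certificates on the system are up to date. The function names and the sample files are constructed for illustration; only the flat `::` option form from the thread and one-line `deb` entries are parsed.

```shell
#!/bin/sh
# Added example: audit APT settings for weakened transport security.
#   NOVERIFY   Acquire::https::[host::]Verify-Peer / Verify-Host set to a false value
#   PLAINHTTP  a "deb" or "deb-src" entry fetched over http://
# Not handled: the nested "Acquire { https { ... } }" form and deb822 .sources files.

strip_comments() {
    # Trim leading blanks, then drop whole-line comments ("//" or "#") and empty lines.
    sed -e 's/^[[:space:]]*//' -e '/^\/\//d' -e '/^#/d' -e '/^$/d' "$1"
}

audit_apt_conf() {   # $1 = directory such as /etc/apt/apt.conf.d
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        strip_comments "$f" |
          grep -Ei '^Acquire::https::([^[:space:]:]+::)?Verify-(Peer|Host)[[:space:]]+"(false|no|off|0)"' |
          while IFS= read -r line; do printf 'NOVERIFY\t%s\t%s\n' "$f" "$line"; done
    done
}

audit_sources() {    # $@ = sources.list-style files
    for f in "$@"; do
        [ -f "$f" ] || continue
        strip_comments "$f" |
          grep -Ei '^deb(-src)?[[:space:]]+(\[[^]]*\][[:space:]]+)?http://' |
          while IFS= read -r line; do printf 'PLAINHTTP\t%s\t%s\n' "$f" "$line"; done
    done
}

# Constructed sample input: the snippet from the thread plus an http:// entry.
demo=$(mktemp -d)
mkdir "$demo/apt.conf.d"
printf '%s\n' '// temporary workaround' \
    'Acquire::https::maven.xwiki.org::Verify-Peer "false";' \
    'Acquire::https::maven.xwiki.org::Verify-Host "false";' > "$demo/apt.conf.d/99xwiki"
printf '%s\n' '# deb http://old.example stable/' \
    'deb http://maven.xwiki.org stable/' \
    'deb https://maven.xwiki.org stable/' > "$demo/xwiki.list"
audit_apt_conf "$demo/apt.conf.d"   # two NOVERIFY findings
audit_sources "$demo/xwiki.list"    # one PLAINHTTP finding
rm -rf "$demo"
```

On a real system, point the functions at /etc/apt/apt.conf.d and at /etc/apt/sources.list together with the files under /etc/apt/sources.list.d.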