Apt install certificate and redirection errors

I’m on Parrot 4.8, and having multiple issues installing new software. I believe they may be primarily server side, but I am unsure.

Upon running sudo apt install <package name> my machine is returning:

“E: Failed to fetch https://deb.parrot.sh/parrot/pool/main/x/xen/libxenstore3.0_4.11.3+24-g14b62ab3e5-1_amd64.deb Redirection from https to ‘http://mirrors.mit.edu/parrot/pool/main/x/xen/libxenstore3.0_4.11.3+24-g14b62ab3e5-1_amd64.deb’ is forbidden [IP: 2606:4700:3033::681b:82c1 443]”

and multiple copies of:

“E: Failed to fetch https://parrot.ca.mirror.cythin.com/parrot/pool/main/g/gtk-vnc/gir1.2-gtk-vnc-2.0_1.0.0-1_amd64.deb Certificate verification failed: The certificate is NOT trusted. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: 2607:5300:60:b77::1 443]”

Regarding the first, it seems a reasonable security measure to forbid redirection to tls-free http websites. Is there someone who should be informed that their webserver is being avoided because it lacks basic security for 2020? Is there a simple way to get apt to not redirect to this website and fetch from one with tls instead?

The second one is even stranger because I have run sudo grep -r cythin /etc, sudo grep -r cythin /usr, sudo grep -r cythin /var, and sudo grep -r cythin /home, and none of them returns any indication of a cythin.com domain being stored anywhere on my computer, much less in the /etc/apt/ directory. Clearly their certificate is invalid (likely it is just expired), but why is apt even looking for this domain? How can I tell it not to and get it to look for software in a sensible location?

I did some digging around and figured out this is most likely an issue with the automated mirror selector. I was able to install some of the software I wanted by manually adding “deb http://mirrors.mit.edu/parrot/ rolling main contrib non-free” to /etc/apt/sources.list.d/parrot.list so that it wouldn’t try to access it through a redirect. As for parrot.mirror.ca.cythin.com, I am going to email the admin and registrant email addresses discovered through a whois cythin.com query. Hopefully they will be able to fix their certificate issue.

I fixed it by adding more mirrors from https://parrotsec.org/docs/mirror-list/ until one of them finally worked.

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.