Getting certificate verification errors

rikiwarren · July 7, 2022, 9:39am

I’m trying to install Parrot on a Raspberry Pi 4. Everything seemed to be working fine, then I started getting certificate verification errors:

Err:2 https://deb.parrot.sh/parrot parrot InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 51.161.118.148 443]
Err:2 https://deb.parrot.sh/parrot parrot InRelease

And then later on:

W: Failed to fetch https://deb.parrot.sh/parrot/dists/parrot/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 51.161.118.148 443]

Any idea how to fix this? I reinstalled ca-certificates. Double checked my sources. But that’s where the advice I was finding online ended. None of that worked, and I’m not sure what could be causing these errors. So I’d appreciate any suggestions on what to try next.

Thanks!

Hallicyne · July 7, 2022, 7:52pm

I had the same issues and it was due to the system clock being out of sync, i updated my date and time via “control center > Time and Date manager” and it has started working again, i hope this helps

danterolle · July 8, 2022, 9:48am

Or you can use ntp from the terminal to synchronize it. We are also fixing this for the next Parrot release.

rikiwarren · July 8, 2022, 9:32pm

Thanks! That was the issue (I actually discovered the solution about an hour after posting the question—but I had to wait for it to get approved and become public before I could comment on it).

On quick follow-up question. When I tried to set up NTP, I noticed that it’s apparently disabled:

% sudo timedatectl set-ntp true
[sudo] password for pi: 
Failed to set ntp: NTP not supported

I assume this is for security reasons. Is the best option to just manually set the time and date (that’s what I ended up doing)?

rikiwarren · July 8, 2022, 9:59pm

Oh, another question. While trying to fix it, I changed the source list to the following:

… in /etc/apt/sources.list.d/parrot.list

deb https://deb.parrot.sh/parrot/ parrot main contrib non-free
#deb-src https://deb.parrot.sh/parrot/ parrot main contrib non-free
deb https://deb.parrot.sh/parrot/ rolling-security main contrib non-free
#deb-src https://deb.parrot.sh/parrot/ rolling-security main contrib non-free

Which I got from here: Mirrors list - Parrot Documentation

But when I run sudo apt update I get the following warnings:


% sudo apt update                           
[sudo] password for pi: 
Get:1 https://deb.parrot.sh/parrot parrot InRelease                 
Hit:2 https://deb.parrot.sh/parrot rolling-security InRelease
Fetched 5,545 B in 1s (4,931 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
N: Skipping acquire of configured file 'main/binary-arm64/Packages' as repository 'https://deb.parrot.sh/parrot rolling-security InRelease' doesn't support architecture 'arm64'
N: Skipping acquire of configured file 'contrib/binary-arm64/Packages' as repository 'https://deb.parrot.sh/parrot rolling-security InRelease' doesn't support architecture 'arm64'
N: Skipping acquire of configured file 'non-free/binary-arm64/Packages' as repository 'https://deb.parrot.sh/parrot rolling-security InRelease' doesn't support architecture 'arm64'

So clearly it’s not set up right. Is there any way to download the original RaspberryPi source list?

rikiwarren · July 8, 2022, 10:00pm

And, it looks like, after two days, I need to reset the time again manually. So it would be nice if I could automate this safely.