Install fails at FTL - appears to be a certificate problem

baz069 · October 31, 2018, 1:51am

Expected Behaviour:

Installation completing as normal

Actual Behaviour:

Install always fails at installing FTL step with an error message. Reproducible every time.

Debug Token:

cn0f90tr29

Fresh install of Raspbian Stretch Lite on a Pi Zero or an old Pi 1, both with the same results.
Installation works as expected with the exception of FTL:

[i] FTL Checks...
[‚úì] Detected ARM-hf architecture (armv6 or lower) Using ARM binary
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL...curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[‚úó] Downloading and Installing FTL
Error: URL not found
[‚úó] FTL Engine not installed

I've ensured there is a valid entry for DNS server in /etc/resolv.conf. No option to use the -k option for curl as the url is called by the install script.

Any help much appreciated!

Barry.

jfb · October 31, 2018, 1:54am

Check the time and date on the Pi. If the time is off, then the certificate won't work.

date

jfb · October 31, 2018, 1:57am

Related threads:

baz069 · October 31, 2018, 2:06am

Thanks for the quick reply jfb.

Date & time are correct:

pi@raspberrypi:~$ date
Wed 31 Oct 02:02:08 GMT 2018

certs seem to be in place:

pi@raspberrypi:~$ ls /etc/ssl/certs | wc -l
454
pi@raspberrypi:~$  ls /etc/ssl/certs | grep COMODO
COMODO_Certification_Authority.pem
COMODO_ECC_Certification_Authority.pem
COMODO_RSA_Certification_Authority.pem

Checking install now with curl -sSLk, i'll report back asap!

baz069 · October 31, 2018, 2:08am

Same issue with curl -sSLk unfortunately:

 [i] FTL Checks...
  [‚úì] Detected ARM-hf architecture (armv6 or lower) Using ARM binary
  [i] Checking for existing FTL binary...
  [i] Downloading and Installing FTL...curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
  [‚úó] Downloading and Installing FTL
  Error: URL not found
  [‚úó] FTL Engine not installed

baz069 · October 31, 2018, 2:11am

Just a little more info - sudo apt-get update & apt-get upgrade was carried out prior to pi-hole installation.

baz069 · October 31, 2018, 8:48am

All sorted now!

It was my own fault - my firewall was blocking the FTL installation

system · November 21, 2018, 8:49am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.