What is the output of this command?
curl -i https://github.com/pi-hole/FTL/releases/latest
What is the output of this command?
curl -i https://github.com/pi-hole/FTL/releases/latest
Now I’m getting some output:
pi@rpi:~ $ curl -i https://github.com/pi-hole/FTL/releases/latest
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
pi@rpi:~ $
How about:
curl -svi https://github.com/pi-hole/FTL/releases/latest
Sorry, on mobile. Edited formatting.
pi@rpi:~ $ curl -svi https://github.com/pi-hole/FTL/releases/latest
* Trying 192.30.253.112...
* TCP_NODELAY set
* Connected to github.com (192.30.253.112) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; street=88 Colin P Kelly, Jr Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: Mar 10 00:00:00 2016 GMT
* expire date: May 17 12:00:00 2018 GMT
* subjectAltName: host "github.com" matched cert's "github.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
* SSL certificate verify ok.
> GET /pi-hole/FTL/releases/latest HTTP/1.1
> Host: github.com
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Server: GitHub.com
Server: GitHub.com
< Date: Wed, 02 May 2018 19:03:11 GMT
Date: Wed, 02 May 2018 19:03:11 GMT
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Status: 302 Found
Status: 302 Found
< Cache-Control: no-cache
Cache-Control: no-cache
< Vary: X-PJAX
Vary: X-PJAX
< Location: https://github.com/pi-hole/FTL/releases/tag/v3.0
Location: https://github.com/pi-hole/FTL/releases/tag/v3.0
< Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sun, 02 May 2038 19:03:11 -0000; secure; HttpOnly
Set-Cookie: logged_in=no; domain=.github.com; path=/; expires=Sun, 02 May 2038 19:03:11 -0000; secure; HttpOnly
< Set-Cookie: _gh_sess=b3BCZm9VOW1KQTVMc0Y0UDI5Rkw1QU5GakI1NVRza1pGcS82dzNWTURQL25DdlpGblRQSFZscmJ2elNlWlBNdnpFTjJtS1FVN0RIQVNJQ2NiUS9RcnZoTVVmZDZFdzV5cHExVktaaEJUb1J6NStDNE9kN3A1d1Y1Q29xS2xUK0tpUkpNUk9kNk5UVUhPQlNkVGhVcFEyQTA1WVgrM2o5NlpiZVpSdEp4enFLTkdFMlZKU2NQSXZWbHplZGRHRndNLS1uUFVCbXV2ZkRQeC83V3p0VnBKYXF3PT0%3D--730fe178ffd95bfc2f874dc7589b758aeec87b75; path=/; secure; HttpOnly
Set-Cookie: _gh_sess=b3BCZm9VOW1KQTVMc0Y0UDI5Rkw1QU5GakI1NVRza1pGcS82dzNWTURQL25DdlpGblRQSFZscmJ2elNlWlBNdnpFTjJtS1FVN0RIQVNJQ2NiUS9RcnZoTVVmZDZFdzV5cHExVktaaEJUb1J6NStDNE9kN3A1d1Y1Q29xS2xUK0tpUkpNUk9kNk5UVUhPQlNkVGhVcFEyQTA1WVgrM2o5NlpiZVpSdEp4enFLTkdFMlZKU2NQSXZWbHplZGRHRndNLS1uUFVCbXV2ZkRQeC83V3p0VnBKYXF3PT0%3D--730fe178ffd95bfc2f874dc7589b758aeec87b75; path=/; secure; HttpOnly
< X-Request-Id: 7f2f9b0d-388b-474c-912f-8008f6c988b9X-Request-Id: 7f2f9b0d-388b-474c-912f-8008f6c988b9
< X-Runtime: 0.072702
X-Runtime: 0.072702
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
X-Frame-Options: deny
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
< Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com
< X-Runtime-rack: 0.080398
X-Runtime-rack: 0.080398
< X-GitHub-Request-Id: ED5C:095C:82437D:FDE5A9:5AEA0B6F
X-GitHub-Request-Id: ED5C:095C:82437D:FDE5A9:5AEA0B6F
<
* Curl_http_done: called premature == 0
* Connection #0 to host github.com left intact
<html><body>You are being <a href="https://github.com/pi-hole/FTL/releases/tag/v3.0">redirected</a>.</body></html>pi@rpi:~ $
Hm, that looks like it is working. What's the output of these commands now?
curl -sI https://github.com/pi-hole/FTL/releases/latest
curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'
Same result as before, no output:
pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $
pi@rpi:~ $ curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}'
pi@rpi:~ $
curl -si https://github.com/pi-hole/FTL/releases/latest
Same:
pi@rpi:~ $ curl -si https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $
Can you visit that URL in a browser using Pi-hole?
Sorry, I'm on a mobile right now. I'm connected through a VPN to reach my Pihole (not at home) so I can't test on my local network. Below is a simple wget from the PiHole:
pi@rpi:~ $ wget https://github.com/pi-hole/FTL/releases/latest
--2018-05-02 15:26:24-- https://github.com/pi-hole/FTL/releases/latest
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github.com/pi-hole/FTL/releases/tag/v3.0 [following]
--2018-05-02 15:26:24-- https://github.com/pi-hole/FTL/releases/tag/v3.0
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘latest’
latest 48.96K --.-KB/s in 0.06s
2018-05-02 15:26:25 (816 KB/s) - ‘latest’ saved [50139]
pi@rpi:~ $
Ok, try curl -Si https://github.com/pi-hole/FTL/releases/latest
pi@rpi:~ $ curl -Si https://github.com/pi-hole/FTL/releases/latest
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
pi@rpi:~ $
What is the output of:
sudo apt-cache policy ca-certificates
pi@rpi:~ $ sudo apt-cache policy ca-certificates
ca-certificates:
Installed: 20161130+nmu1
Candidate: 20161130+nmu1
Version table:
*** 20161130+nmu1 500
500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
100 /var/lib/dpkg/status
pi@rpi:~ $
Run sudo apt-get update
and then the previous command.
pi@rpi:~ $ sudo apt-get update
Get:1 http://archive.raspberrypi.org/debian stretch InRelease [25.3 kB]
Get:2 http://raspbian.raspberrypi.org/raspbian stretch InRelease [15.0 kB]
Get:3 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages [11.7 MB]
Fetched 11.7 MB in 10s (1,147 kB/s)
Reading package lists... Done
pi@rpi:~ $ sudo apt-cache policy ca-certificates
ca-certificates:
Installed: 20161130+nmu1
Candidate: 20161130+nmu1
Version table:
*** 20161130+nmu1 500
500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
100 /var/lib/dpkg/status
pi@rpi:~ $
You might not have up to date CA certificates.
Try these commands:
sudo apt-get purge ca-certificates
sudo apt-get install ca-certificates
Edit: And for good measure, sudo apt-get upgrade
I ran the purge
and update
commands, the the upgrade
(which had nothing to upgrade) successfully.
I re-ran pihole -up
but still get the original error message.
Below is the output from sudo apt-cache policy ca-certificates
after running the above commands:
pi@rpi:~ $ sudo apt-cache policy ca-certificates
ca-certificates:
Installed: 20161130+nmu1
Candidate: 20161130+nmu1
Version table:
*** 20161130+nmu1 500
500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
100 /var/lib/dpkg/status
pi@rpi:~ $
I just tested and was able to access this URL on a browser in my network.
It sounds like your Pi has some issue with HTTPS then. Can you access other HTTPS sites? You might want to try reinstalling the latest version of Raspbian Stretch.