linux-cli
linux-cli copied to clipboard
ProtonVPN
Inconsistent behavior of TLS certificate for Fedora 36 repository domain
- [x] I have searched open and closed issues for duplicates
- [x] This isn't a feature request
- [x] This is not a report about my app not working as expected
There is no consistent SSL/TLS certificate behavior when requesting the repository metadata file at https://repo.protonvpn.com/fedora-36-stable/repodata/repomd.xml.
After execute dnf upgrade --refresh the repository metadata update fails with the following output:
Errors during downloading metadata for repository 'protonvpn-fedora-stable':
- Curl error (60): SSL peer certificate or SSH remote key was not OK for https://repo.protonvpn.com/fedora-36-stable/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
Error: Failed to download metadata for repo 'protonvpn-fedora-stable': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
This is not a persistent issue. For example, if I connect to Japan (using other VPN service) the route resolves using a valid TLS certificate issued by Let's Encrypt. On the other side, if I use a "raw" connection the route is resolved providing a TLS certificate issued by "Untangle", which is not recognized as a valid certificate.
What can I do to resolve this? Is this a DNS cache-related issue or a domain misconfiguration by your side?
Similar issues:
Additional context:
- OS: Fedora 36 Workstation KDE Spin
- 9.9.9.9 and 1.1.1.1 as DNS servers for raw connections.
- 103.86.96.100 and 103.86.99.100 as DNS servers for secured connections.
- Installation provided by the RPM located at https://repo.protonvpn.com/fedora-36-stable/release-packages/protonvpn-stable-release-1.0.1-1.noarch.rpm (as described in https://protonvpn.com/support/official-linux-vpn-fedora/)
