Certificate error when trying to attach Ubuntu Pro token

I am trying to enable Ubuntu Pro (free subscription) on a virtual machine running Ubuntu 20.04.6 LTS. When I run the command sudo pro attach <My token>, I get the error message:

    Failed to connect to authentication server
    Check your Internet connection and try again.

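The network is working fine; when I ping canonical.com everything is OK. I then tried running sudo pro attach without the token, because from the help I read that the command should generate a short code to attach the machine to Ubuntu Pro through a web browser. However, I got the error message: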

    Initiating attach operation...
    ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)
    ...
    < Several other lines from Python interpreter >
    ...
    Failed to connect to authentication server
    Check your Internet connection and try again.

Finally, the command ua status outputs:

    Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64&kernel=5.4.0-1102-kvm&series=focal&virt=kvm
    Cannot verify certificate of server
    Please check your openssl configuration.

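The problem is very similar to the one reported here: "Error when trying to attach UA token", but the solutions proposed there do not seem to apply to my problem. In fact: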

  1. Using the command curl -vs https://contracts.canonical.com I can verify that the Canonical server's certificate is trusted by my virtual machine:

    *   Trying 185.125.190.32:443...
    * TCP_NODELAY set
    * Connected to contracts.canonical.com (185.125.190.32) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    *  subject: CN=contracts.canonical.com
    *  start date: Oct 21 03:19:23 2023 GMT
    *  expire date: Jan 19 03:19:22 2024 GMT
    *  subjectAltName: host "contracts.canonical.com" matched cert's         "contracts.canonical.com"
    *  issuer: C=US; O=Let's Encrypt; CN=R3
    *  SSL certificate verify ok.
    ...
    
  2. The /usr/lib/ssl/ folder is structured as it should be:

    > ls -l /usr/lib/ssl/     
    total 4
    lrwxrwxrwx 1 root root   14 Apr 20  2020 certs -> /etc/ssl/certs
    drwxr-xr-x 2 root root 4096 Oct 26 06:44 misc
    lrwxrwxrwx 1 root root   20 Oct 10 09:03 openssl.cnf -> /etc/ssl/openssl.cnf
    lrwxrwxrwx 1 root root   16 Apr 20  2020 private -> /etc/ssl/private
    
  3. The ISRG_Root_X1.pem certificate is correctly linked:

    > ls -l /usr/lib/ssl/certs/4042bcee.0
    lrwxrwxrwx 1 root root 16 Nov  8 15:24 /usr/lib/ssl/certs/4042bcee.0 -> ISRG_Root_X1.pem
    

And I verified that it is identical to https://letsencrypt.org/certs/isrgrootx1.pem. I also tried adding it as described in the linked post, but after

    sudo update-ca-certificates
    sudo c_rehash /etc/ssl/certs

I get the warning:

     WARNING: Skipping duplicate certificate isrgrootx1.pem

So my attempt to add it was skipped, because the certificate is already in the list of trusted certificates.

Any idea what could be causing the certificate problem and how I can attach my Ubuntu Pro subscription?

Answer 1

I had a similar problem, but did not get the actual "ERROR: [SSL: CERTIFICATE_VERIFY_FAILED]" error.

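What solved it for me was recreating the "usr/lib/ssl" directory structure (I actually did not have the "ssl" folder there, probably because I installed OpenSSL myself to get the latest version and may have removed the old version that shipped with Ubuntu 20.04).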

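Just wanted to point out that the symlinks in that folder seem to be necessary for connecting to the Ubuntu Pro servers, so this is a good starting point for anyone with a similar problem.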
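
Added example (not part of the original question or answer): a Python check of the default OpenSSL trust locations the answer points to, written in Python because the failing client reports the error from Python's ssl module. It flags a missing or dangling CA directory such as /usr/lib/ssl/certs and broken hashed links. The function names are hypothetical, and it is an assumption that the pro client uses these default locations rather than a CA bundle of its own.

```python
import os
import re
import ssl

# Assumption: the failing client relies on Python's default verify paths.
HASHED = re.compile(r"^[0-9a-f]{8}\.\d+$")  # c_rehash link names, e.g. 4042bcee.0


def check_capath(capath):
    """Return a list of problems with an OpenSSL hashed CA directory."""
    if not capath or not os.path.isdir(capath):
        # Also true when capath is a symlink whose target has been removed.
        return [f"missing or dangling CA directory: {capath}"]
    links = [n for n in sorted(os.listdir(capath)) if HASHED.match(n)]
    if not links:
        return [f"no hashed links in {capath} (c_rehash not run?)"]
    # os.path.exists() follows symlinks, so it is False for a dangling link.
    return [f"dangling link: {n}" for n in links
            if not os.path.exists(os.path.join(capath, n))]


def check_default_paths():
    """Audit the trust locations Python's ssl module uses by default."""
    p = ssl.get_default_verify_paths()
    problems = []
    # SSL_CERT_FILE / SSL_CERT_DIR silently replace the compiled-in locations.
    for var in (p.openssl_cafile_env, p.openssl_capath_env):
        if os.environ.get(var):
            problems.append(f"{var} overrides defaults: {os.environ[var]}")
    # p.cafile / p.capath are None when the resolved location does not exist.
    if p.cafile is None and p.capath is None:
        problems.append(
            f"neither {p.openssl_cafile} nor {p.openssl_capath} exists")
    if p.capath is not None:
        problems.extend(check_capath(p.capath))
    return p, problems


if __name__ == "__main__":
    paths, found = check_default_paths()
    print("compiled-in cafile:", paths.openssl_cafile)
    print("compiled-in capath:", paths.openssl_capath)
    for line in found or ["no problems found"]:
        print(" -", line)
```

Run it with the same python3 interpreter the pro client uses. curl can succeed while this check fails, because the curl output above shows it reading /etc/ssl/certs/ca-certificates.crt directly.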
