54

I've got a VM running CentOS 6 (64bit) and I'm attempting to add the EPEL repo like usual to install various packages as I do quite regularly.

Today, I'm experiencing some strange errors yet I'm doing absolutely nothing differently.

I'm adding EPEL like so:

# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Yet when I try running yum for anything, I'm getting this error:

[root@core /]# yum list

Loaded plugins: fastestmirror

Determining fastest mirrors

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

Any ideas? I'm stumped!

Community
  • 1
Tom
  • 719

4 Answers4

118

The correct fix is to update your SSL certificates.

sudo yum upgrade ca-certificates --disablerepo=epel

You need to disable the epel repo so that this command will succeed. After you update your certificates you can use yum normally as EPEL will work again.

Jo Rhett
  • 1,319
  • 1
  • 9
  • 6
15

I had this problem, and it boiled down to the SSL certificate not being verifiable when getting the updated metalink file for EPEL via HTTPS. I suppose that I could have drilled down through the certificate chain to find out why, but in order to get my server working again, I sidestepped the problem by adding the following line into /etc/yum.repos.d/epel.repo:

[epel]
...
sslverify=false

I didn't think this was insanely unsafe, because the packages themselves are still verified by GPG-signature check.

MadHatter
  • 81,580
9

You can modify the epel repo to use http instead of https by running the following as root/sudo

sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo
siebo
  • 229
6

Ridiculously using secure HTTP is causing a problem yet normal HTTP is working fine. This shouldn't be happening with a fresh install so there must be an issue with Fedora's repositories. It's working now.

Tom
  • 719