retroarch.sh - certificate errors
-
When installing RetroPie 4.7.19 on a Raspberry Pi 3B running OSMC, retroarch.sh is receiving certificate errors when downloading/cloning
- retroarch-minimal-assets.tar.gz
- Snes9x
Most package dependencies were manually added prior to running the RetroPie-Setup script. Attempted on an existing system and repeated with a clean OSMC image install.
After basic install, both resulted in...
Log excerpts
Log started at: Fri Oct 8 01:25:45 MST 2021
RetroPie-Setup version: 4.7.19 (9b9f052c)
System: rpi3 (armv7l) - Debian GNU/Linux 9.12 (stretch) - Linux osmc 4.19.122-1-osmc #1 SMP PREEMPT Wed May 27 07:09:59 UTC 2020 armv7l GNU/Linux
Update is available - updating ...
= = = = = = = = = = = = = = = = = = = = =
Configuring 'retroarch' : RetroArch - frontend to the libretro emulator cores - required by all lr-* emulators
= = = = = = = = = = = = = = = = = = = = =
git clone --recursive --depth 1 --branch rpi "https://github.com/RetroPie/common-shaders.git" "/opt/retropie/configs/all/retroarch/shaders"
Cloning into '/opt/retropie/configs/all/retroarch/shaders'...
HEAD is now in branch 'rpi' at commit 'b7cdc50258908e8f1906f8fc13a2fac4a9796dc6'
Downloading https://files.retropie.org.uk/binaries/retroarch-minimal-assets.tar.gz to /tmp/tmp.xCTF1aOXfB/retroarch-minimal-assets.tar.gz ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
git clone --recursive --depth 1 --branch master "https://github.com/libretro/retroarch-joypad-autoconfig.git" "/home/osmc/RetroPie-Setup/tmp/build/retroarch/autoconfigs"
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/retroarch/autoconfigs'...
HEAD is now in branch 'master' at commit 'dc8d638db01288a51678dbd1edcbe358d12b0eab'
Copying default configuration to /opt/retropie/configs/all/retroarch.cfg
URL https://files.retropie.org.uk/binaries/retroarch-minimal-assets.tar.gz failed to download.
the -k (or --insecure) option.
/home/osmc/RetroPie-Setup
Update is available - updating ...
= = = = = = = = = = = = = = = = = = = = =
Getting sources for 'lr-snes9x' : Super Nintendo emu - Snes9x (current) port for libretro
= = = = = = = = = = = = = = = = = = = = =
git clone --recursive --depth 1 --branch master "https://github.com/libretro/snes9x.git" "/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x"
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x'...
Submodule 'shaders/SPIRV-Cross' (https://github.com/KhronosGroup/SPIRV-Cross.git) registered for path 'shaders/SPIRV-Cross'
Submodule 'shaders/glslang' (https://github.com/KhronosGroup/glslang.git) registered for path 'shaders/glslang'
Submodule 'win32/DirectXMath' (https://github.com/Microsoft/DirectXMath) registered for path 'win32/DirectXMath'
Submodule 'win32/libpng/src' (https://git.code.sf.net/p/libpng/code) registered for path 'win32/libpng/src'
Submodule 'win32/zlib/src' (https://github.com/madler/zlib.git) registered for path 'win32/zlib/src'
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/shaders/SPIRV-Cross'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/shaders/glslang'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/DirectXMath'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/libpng/src'...
fatal: unable to access 'https://git.code.sf.net/p/libpng/code/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
fatal: clone of 'https://git.code.sf.net/p/libpng/code' into submodule path '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/libpng/src' failed
Failed to clone 'win32/libpng/src'. Retry scheduled
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/zlib/src'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/libpng/src'...
fatal: unable to access 'https://git.code.sf.net/p/libpng/code/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
fatal: clone of 'https://git.code.sf.net/p/libpng/code' into submodule path '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/libpng/src' failed
Failed to clone 'win32/libpng/src' a second time, aborting
HEAD is now in branch 'master' at commit '723521970ba1558526bea56df9deef3baac6dfc2'
Error running 'git clone --recursive --depth 1 --branch master https://github.com/libretro/snes9x.git /home/osmc/RetroPie-Setup/tmp/build/lr-snes9x' - returned 1
/home/osmc/RetroPie-Setup
Update is available - updating ...
- Seems like setting curl with the insecure switch might not be ideal, at least on the system.
- Guessing an option here would be to run the setup/install process, edit the retroarch script with the -k, then re-running the setup/install a second time.
- Are there other options, possibly downloading the files manually and placing them in the correct locations for the script to continue successfully?
-
@sansgui said in retroarch.sh - certificate errors:
System: rpi3 (armv7l) - Debian GNU/Linux 9.12 (stretch) - Linux osmc 4.19.122-1-osmc #1 SMP PREEMPT Wed May 27 07:09:59 UTC 2020 armv7l GNU/Linux
You're running an old Debian release which is no longer supported by RetroPie - didn't you get a message about the distro being unsupported when starting RetroPie-Setup ?
Looks like your SSL CA file is too old and it's not recognizing newer certificates, hence the errors during download.
-
@mitu Thank you.
No, I did not see any messages about an unsupported version. Also, the logs do not contain any messages about an unsupported version. I did install the last Raspbian Stretch image and was able to see the message you are referring to.
It is a shame, for the moment, I am tied to Stretch due to another software on the system that still requires it. Funny thing is Retroarch provided the only errors, I can still start the emulation station and play games.
-
@sansgui this is most likely about DST_Root_CA_X3 SSL expiration from last week, you can try the following:
- open /etc/ca-certificates.conf for editing (as admin)
- search for the mozilla/DST_Root_CA_X3.crt line, add a ! right before
- save and close
- run update-ca-certificates -f -v as admin
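The steps in the post above as a repeatable script; this is an added example, not part of the original post and not RetroPie's own code. It keeps certificate verification enabled instead of resorting to curl's -k. The function names and the --apply switch are assumptions made for this example; the file path, the entry name and the update-ca-certificates invocation are the ones given in the thread.

```shell
#!/bin/sh
# Added example: deselect one CA entry in a ca-certificates.conf-style file.
# A leading "!" tells update-ca-certificates to leave that certificate out.

# Print the state of ENTRY in CONF: active, disabled or absent.
ca_entry_state() {
    conf=$1 entry=$2
    if grep -qxF -- "$entry" "$conf"; then echo active
    elif grep -qxF -- "!$entry" "$conf"; then echo disabled
    else echo absent
    fi
}

# Prefix ENTRY with "!" if it is active. Safe to run repeatedly.
# Returns 0 when the entry is disabled afterwards, 1 when it is not listed.
disable_ca_entry() {
    conf=$1 entry=$2
    case $(ca_entry_state "$conf" "$entry") in
        disabled) return 0 ;;
        absent)   return 1 ;;
    esac
    # Keep the first pristine copy so the change can be reverted.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak"
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    # Compare whole lines literally so similarly named entries stay untouched.
    awk -v e="$entry" '$0 == e { print "!" e; next } { print }' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"   # write in place: keeps owner and mode of CONF
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Touch the real trust store only when asked to: sh fix-ca.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then
    disable_ca_entry /etc/ca-certificates.conf mozilla/DST_Root_CA_X3.crt &&
        update-ca-certificates -f -v
fi
```

To undo the change, restore /etc/ca-certificates.conf.bak and run update-ca-certificates -f -v again.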
-
@barbudreadmon Thank you.
Giving the setup scripts a run through now with the change. I had tried updating DigiCert certificates, which didn't matter, before realizing the URLs are verified by Let's Encrypt.
Internet Security Research Group - ISRG Root X1
ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1) Cross-signed by DST Root CA X3
Will try a clean install after this attempt and update, fingers crossed.
-
@barbudreadmon Thank you, Nailed it!
Disabling the expired DST_Root_CA_X3.crt fixes the issue. Re-running the setup and/or a clean install, both completed successfully.
= = = = = = = = = = = = = = = = = = = = =
Configuring 'retroarch' : RetroArch - frontend to the libretro emulator cores - required by all lr-* emulators
= = = = = = = = = = = = = = = = = = = = =
git clone --recursive --depth 1 --branch rpi "https://github.com/RetroPie/common-shaders.git" "/opt/retropie/configs/all/retroarch/shaders"
Cloning into '/opt/retropie/configs/all/retroarch/shaders'...
HEAD is now in branch 'rpi' at commit 'b7cdc50258908e8f1906f8fc13a2fac4a9796dc6'
Downloading https://files.retropie.org.uk/binaries/retroarch-minimal-assets.tar.gz to /tmp/tmp.gjxzCRtYwm/retroarch-minimal-assets.tar.gz ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 5263k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
27 5263k 27 1439k 0 0 805k 0 0:00:06 0:00:01 0:00:05 805k
100 5263k 100 5263k 0 0 2018k 0 0:00:02 0:00:02 --:--:-- 2019k
= = = = = = = = = = = = = = = = = = = = =
Getting sources for 'lr-snes9x' : Super Nintendo emu - Snes9x (current) port for libretro
= = = = = = = = = = = = = = = = = = = = =
git clone --recursive --depth 1 --branch master "https://github.com/libretro/snes9x.git" "/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x"
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x'...
Submodule 'shaders/SPIRV-Cross' (https://github.com/KhronosGroup/SPIRV-Cross.git) registered for path 'shaders/SPIRV-Cross'
Submodule 'shaders/glslang' (https://github.com/KhronosGroup/glslang.git) registered for path 'shaders/glslang'
Submodule 'win32/DirectXMath' (https://github.com/Microsoft/DirectXMath) registered for path 'win32/DirectXMath'
Submodule 'win32/libpng/src' (https://git.code.sf.net/p/libpng/code) registered for path 'win32/libpng/src'
Submodule 'win32/zlib/src' (https://github.com/madler/zlib.git) registered for path 'win32/zlib/src'
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/shaders/SPIRV-Cross'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/shaders/glslang'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/DirectXMath'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/libpng/src'...
Cloning into '/home/osmc/RetroPie-Setup/tmp/build/lr-snes9x/win32/zlib/src'...
Submodule path 'shaders/SPIRV-Cross': checked out '1458bae62ec67ea7d12c5a13b740e23ed4bb226c'
Submodule path 'shaders/glslang': checked out 'bcf6a2430e99e8fc24f9f266e99316905e6d5134'
Submodule path 'win32/DirectXMath': checked out 'ffb2edbd1627e9eec75f68b4ff00e0861ad84ebe'
Submodule path 'win32/libpng/src': checked out 'b78804f9a2568b270ebd30eca954ef7447ba92f7'
Submodule path 'win32/zlib/src': checked out 'cacf7f1d4e3d44d871b605da3b647f07d718623f'
HEAD is now in branch 'master' at commit '723521970ba1558526bea56df9deef3baac6dfc2'
/home/osmc/RetroPie-Setup /home/osmc/RetroPie-Setup/tmp/build/lr-snes9x /home/osmc/RetroPie-Setup
Notes: This applied to the June 2020 Update of OSMC (The last Stretch version) and as mitu pointed out, Stretch should not be considered supported.
Info about the certificate expiration can be found here
https://letsencrypt.org/docs/certificate-compatibility/