distributions: Error gnutls_handshake() failed: Handshake failed on debian

Hello,

Today, apt-get update is failing with this error on my computer debian:

W: impossible de récupérer https://deb.nodesource.com/node_4.x/dists/jessie/main/binary-amd64/Packages : gnutls_handshake() failed: Handshake failed
E: Échec du téléchargement pour certains fichiers d'index. Soit ils ont été ignorés, soit les anciens fichiers ont été utilisés à la place.
E: Impossible de reconstruire le cache des paquets

Yesterday it worked, the issue seem to have appeared just a few hour ago. Any idea?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 33
  • Comments: 51 (1 by maintainers)

Commits related to this issue

Most upvoted comments

Thanks all for posting - we’re investigating from our side and are in touch with AWS to gather more information. I will update this issue with more information as it becomes available.

I am having the same problem since today (AWS CodeBuild image with Ubuntu 14.04):

Failed to fetch https://deb.nodesource.com/node_10.x/dists/trusty/main/source/Sources gnutls_handshake() failed: Handshake failed

with the following command:

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs

Is anyone experiencing this?

Thank you in advance.

@omeraplak @sqlProvider @ibrennan The issue is that you still have the old source files.

Please run first :

sudo rm /etc/apt/sources.list.d/node.js.list /etc/apt/sources.list.d/nodesource.list

Then

curl -sL https://d2buw04m05mirl.cloudfront.net/setup_6.x | sed "s/deb.nodesource.com/d2buw04m05mirl.cloudfront.net/" | sed "s/\(deb\(-src\)\? http\)s/\1/" | sudo -E bash -

Please confirm if this workaround does it for you. (Edit: As someone said before, this is a dirty temporary solution. When this is fixed upstream, please go back to using HTTPS for your packages)

Update: we (Docker) got informed that AWS identified a possible cause and is rolling out updates. It may take some time for those to be available everywhere. Hopefully the issue will be resolved by that. Keep us posted if the problem maintains, because the issue depends on which CDN mirror is picked by your machine.

Don’t forget to revert workarounds (e.g. overrides in /etc/hosts or removing https) 😄

I have the same problem Ubuntu 14.04

root@desenvolvimento:/home/bernardo# cat /etc/apt/sources.list.d/nodesource.list deb https://deb.nodesource.com/node_10.x trusty main deb-src https://deb.nodesource.com/node_10.x trusty main

I’ve run curl --silent https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add -

and the error continues

W: Falhou ao buscar https://deb.nodesource.com/node_10.x/dists/trusty/main/source/Sources gnutls_handshake() failed: Handshake failed

W: Falhou ao buscar https://deb.nodesource.com/node_10.x/dists/trusty/main/binary-amd64/Packages gnutls_handshake() failed: Handshake failed

W: Falhou ao buscar https://deb.nodesource.com/node_10.x/dists/trusty/main/binary-i386/Packages gnutls_handshake() failed: Handshake failed

with node 12.x same error

root@desenvolvimento:/home/bernardo# gnutls-cli -V -p 443 deb.nodesource.com Resolving ‘deb.nodesource.com’… Connecting to ‘2001:12f0:210::c88f:f709:443’… *** Fatal error: A TLS fatal alert has been received. *** Received alert [40]: Handshake failed *** Handshake has failed GnuTLS error: A TLS fatal alert has been received.

Our (Docker) team is also in contact with AWS. So far it appears to be an issue on their side (but not confirmed yet), and fails on distros running an older version of gnutils (Ubuntu 14.04, Ubuntu 12.04)

There’s an issue with the docker project too… https://github.com/docker/docker/issues/16941#issuecomment-260912326 52.222.171.* might be bad??

$ dig deb.nodesource.com

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> deb.nodesource.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9462
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;deb.nodesource.com.            IN      A

;; ANSWER SECTION:
deb.nodesource.com.     299     IN      CNAME   d2buw04m05mirl.cloudfront.net.
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.152
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.12
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.174
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.90
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.105
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.113
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.102
d2buw04m05mirl.cloudfront.net. 59 IN    A       52.222.171.144

;; Query time: 56 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Wed Nov 16 10:39:21 UTC 2016
;; MSG SIZE  rcvd: 218

I can confirm this on a fresh ubuntu/trusty64 box using vagrant

The incompatibility between the certificate ciphers and those available in Ubuntu Trusty Tahr 14.04 caused this issue.

Please all confirm that it works correctly and sorry for the inconvenience.

I tested it now and returned to normal I didn’t change anything

This issue is not yet resolved for me:

Failed to fetch https://deb.nodesource.com/node_6.x/dists/jessie/main/source/Sources  gnutls_handshake() failed: Handshake failed

see: https://travis-ci.org/TheTorProject/ooni-measurements/builds/176429312#L1680

Thanks, it works for me too!

As of October 26th Debian Jessie nodes with libgnutls-deb0-28=3.3.8-6+deb8u3 (The latest version) were able to download from Nodesource - but now can’t. 3.3.8-6+deb8u2 also fails.

So, since that date, either: (1) Nodesource have moved to Cloudfront, or… (2) AWS Cloudfront have changed something in SSL.

I’m looking into the exact failure, but I suspect a non-HTTP workaround will prove difficult if it’s a Cloudfront problem.

@Hashfyre yes… that’s why I’m not deploying today… Skipped the deployment for today and will do it on Friday 😉 NOBODY should be doing this in production or on their systems. Try these things inside a VM…

Of course I can change the servers etc. but mehhh, this should get fixed soon, there’s no fire… everything’s okay… http://weknowmemes.com/wp-content/uploads/2014/09/this-is-fine-meme.jpg

@Esya It’s doesn’t work on ubuntu 14.04

Workaround for now:

change

deb https://deb.nodesource.com/node_5.x $distribution main

to

deb https://d2buw04m05mirl.cloudfront.net/node_5.x $distribution main

(It’s the same server but the SSL handshake will suceed - apt doesn’t need to know about SNI in this case.)