Api.turris.cz is missing certificate chain


currently api.turris.cz does not send a valid certificate chain which causes curl to refuse to connect to it. As a result it is impossible to update or install new software.

You can verify the problem by checking: https://www.ssllabs.com/ssltest/analyze.html?d=api.turris.cz&s=

I am also surprised to see “Turris Emergency CA” as the issuer of the certificate.

Best regards

@vojtech.myslivec was so kind to answer my earlier question via twitter. To make it easier for other people to find the solution via $searchengine I forward the answer to this thread:

http://api.turris.cz uses certificate from our self-signed authority (used only for Routers) and is obsolete now. You can browse packages on https://repo.turris.cz which uses trusted certificate from #letsencrypt. Turris OS uses this URL as well from version 3.9

Sorry, I missed the question here.

Yes, api.turris.cz is only for Routers and is used by software which keep it’s own list of Authorities.

We should probably lock this topic as I hope that the answer is clear now.