Unable to update list of packages!

Hi

Brand new owner of a Turris Omnia I have to say I have lot of difficulties with it !!

For now I’m trying to update it, get updated list of packages but it doesn’t work !! As my network is already in 192.168.1.X I moved IP of Omnia to 10.0.0.1 to be able to plug its wan port on my LAN and get him access to Internet for updates !!

It gets well Internet access but refuses any update due to certificate issue !! I have also deactivated on Luci the check of signature but it doesn’t resolve the problem at all !! Any ideas ??

Here is output log of attempt to get updated list of packages:

root@turris:~# opkg update
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//base/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//lucics/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//management/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//packages/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//routing/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//telephony/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Downloading https://api.turris.cz/openwrt-repo/omnia/packages//turrispackages/Packages.gz.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Collected errors:
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//base/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//lucics/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//management/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//packages/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//routing/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//telephony/Packages.gz, curl returned 60.
 * opkg_download: Failed to download https://api.turris.cz/openwrt-repo/omnia/packages//turrispackages/Packages.gz, curl returned 60.
root@turris:~# 

Thanks for help

Vincèn

Hi,
Here (on forum) we have atleast 4 related threads to your’s problem.

Solution:
wget http://repo.turris.cz/omnia/packages/base/ca-certificates_20161130_mvebu.ipk
install it and then run updater.sh

You have misconfigured opkg repository. It should be repo.turris.cz. In some old version of Turris OS it was api.turris.cz but then we changed it because of ssl certificates. Please update your router first using updater.sh.

Thanks will try to update it once I succeed to get back access to it Reset doesn’t look to work or I’m too stupid to understand the documentation I push and hold reset button till the 3 LED (from left) starts to go on, then I release reset button (it’s supposed to whole blink 3 times to confirm but it only blinks two, restarts and is not reset I tried also by going till 4th LED on but still same

This is actually what happens when Turris is reset to factory settings - the stock firmware version is out of date and fails randomly even during the setup wizard.

I suggest you download the Omnia medkit and update the router from the front USB port and 4 LEDs to latest version.

See Omnia Factory Reset document for more info.

Thanks to all for help, so I did the factory reset using the USB key and it definitively went well better this way

So now everything is setup and working with my crap fiber supplier here in france (Orange) and now getting a little more familiar with Luci and all features in it !!

I had the same problem after factory-resetting my Omnia from the Kickstarter days…Now the Omnia Factory Reset documentation says

The Turris Omnia router will rewrite internal eMMC storage with the system image from the USB flash drive.

Process of rewriting the internal storage takes considerably longer time than snapshot rollback in the previous cases.

Does anyone know approximately how long? I’ve been waiting for something like 45minutes… when should I give up (and then what)?

Some users reports, that wait approx hour.

I’ve been waiting for close to 2 hours now, when should I give up? And then, what should I do? The instructions say clearly

When LEDs turn red, it means that some highly sensitive operation is in process and data may be corrupted if it is interupted. Try not to reset router during the proccess or you might end up with corrupted filesystem. That one can be fixed using mode 4 but with complete data loss.

Since I’m already in Mode 4, I don’t care about data loss but I also don’t want to brick my Omnia. I also made sure the download was OK (sha256sum)… any suggestions what to try next?

While awaiting, I found the following post:

So I changed the type of USB flash drive as well, and it finished the operation in less than 30 minutes! In my case, I tried the following USB drives (formatting as reported by GNOME Disks):

• Caused problems: SanDisk Cruzer Blade, 32GB, with 3 partitions, the one containing the medkit file formatted with “W95 FAT32 (LBA)”.
• Worked: Kingston DataTraveller G2, 4GB, formatted with “W95 FAT32”.

I think this should be mentioned in the documentation, so users like myself are a bit more careful with the selection of USB thumb drives for Mode 4 re-flashing.

It also seems to suggest that “all LEDs red” doesn’t necessarily mean a “critical operation” is in progress, as I simply pressed the reset button after waiting for almost 2 hours… maybe the Mode 4 code should be changed to detect “wrong flash drives” and notify the user via the LEDs (e.g. flashing them yellow) that the update won’t complete and that they need to try a different flash drive or a different mode.