4

The problem showed itself when I executed apt-get update and it failed when trying to update gitlab-ce repository with following error (although it just did work about a month ago):

W: Failed to fetch https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/xenial/InRelease  Operation timed out after 0 milliseconds with 0 out of 0 bytes received

then I tried curl to see the same URL and again it failed with following message:

curl -vvv https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/xenial/InRelease
*   Trying 54.153.54.194...
* Connected to packages.gitlab.com (54.153.54.194) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 600 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* Operation timed out after 0 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 0 milliseconds with 0 out of 0 bytes received

but the funny thing is when I try to open the same URL using Firefox from the same system, it just works, although it redirects to another URL, but it works. The redirection target is something such as

https://packages-gitlab-com.s3-accelerate.amazonaws.com/7/8/ubuntu/dists/xenial/InRelease?AWSAccessKeyId=AKIAJ74R7IHMTQVGFCEA&Signature=Dwkp3C7Q2mXBtiPCUiFZhoGzWF8%3D&Expires=1529707236

What can I do to fix the problem and make apt-get update work again.

The result of curl -V:

curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
Amir Pashazadeh
  • 161

2 Answers2

3

I'm not sure why you're getting a timeout. Oddly the tcp connection is successful, but the ALPN extension to TLS is whats causing the timeout. You're not getting an ALPN response. Perhaps its transient? You could try adding the option --no-alpn also. Regardless, for curl to retrieve the file you want, you will need the -L option to follow redirects. The following works for me: curl -vvvL https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/xenial/InRelease

crass
  • 495
1

You're probably experiencing server overload issues. I just tried your curl command and it returned fine:

nosklo@onyx:/tmp$ curl -vvv https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu/dists/xenial/InRelease
*   Trying 54.153.54.194...
* TCP_NODELAY set
* Connected to packages.gitlab.com (54.153.54.194) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=packages.gitlab.com
*  start date: Feb 21 00:00:00 2018 GMT
*  expire date: Feb 26 23:59:59 2019 GMT
*  subjectAltName: host "packages.gitlab.com" matched cert's "packages.gitlab.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
> GET /gitlab/gitlab-ce/ubuntu/dists/xenial/InRelease HTTP/1.1
> Host: packages.gitlab.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Server: nginx
< Date: Fri, 22 Jun 2018 22:43:09 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< Location: https://packages-gitlab-com.s3-accelerate.amazonaws.com/7/8/ubuntu/dists/xenial/InRelease?AWSAccessKeyId=AKIAJ74R7IHMTQVGFCEA&Signature=fTf126FjXAZAHkuzf2LKKLV5O5s%3D&Expires=1529707689
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Cache-Control: no-cache
< X-Request-Id: 62f491a7-9ae3-45c1-bb09-21ccfd83c855
< X-Runtime: 0.005186
< Strict-Transport-Security: max-age=31536000
< X-Frame-Options: DENY
< 
* Connection #0 to host packages.gitlab.com left intact

If you still have problems, please show us the results of curl -V

nosklo
  • 383