[SAC] 'peer not authenticated' error when trying to use repo.osgeo.org

I'm using this artifact in a Maven project:

<dependency>
   <groupId>org.geotools</groupId>
   <artifactId>gt-shapefile</artifactId>
   <version>26.1</version>
</dependency>

I included the OSGeo repository in my `pom.xml` file like this:

<repository>
   <id>osgeo</id>
   <name>OSGeo Release Repository</name>
   <url>https://repo.osgeo.org/repository/release/</url>
   <snapshots><enabled>false</enabled></snapshots>
   <releases><enabled>true</enabled></releases>
</repository>

Running `mvn clean install` on Travis I get the following error:

Could not transfer artifact org.geotools:gt-metadata:jar:26.1 from/to osgeo (https://repo.osgeo.org/repository/release/): peer not authenticated

Strangely, this does work using openjdk8, but not openjdk11. Also it seems that some artifacts are downloaded from repo.osgeo.org without problems, but for some I receive the above error.

Can you give any advice how to fix or further debug this?

And a bonus question: Are there any plans to or reasons against publishing the geotools artifacts on Maven Central?

Thanks in advance and best regards,
Andreas

This sounds like it might be an SSL issue.

We had issues with the certs cause we are using Letsencrypt and the
Letsencrypt root certificate expired as detailed here:
https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/

That necessitated updating all the servers and on my projects I had to
update the docker images we were using.

So I'm guessing your openjdk might be linked to some old certs.
It's odd you are having issue with the newer one and not the older though.

Are you running both on same server?

Usually an OS update (for newer OS) fixes the issue.
Unfortunately I don't know much about Java to know things like what cert
path it uses or even how to test maven.

I'm also puzzled that some artifacts are downloaded and some are not.
Are these by chance maybe cached and it's the newer artifacts you are having
issue with?

Hope that help,
Regina

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Andreas Barth
Sent: Wednesday, December 8, 2021 6:01 AM
To: sac@lists.osgeo.org
Subject: [SAC] 'peer not authenticated' error when trying to use

repo.osgeo.org

I'm using this artifact in a Maven project:

<dependency>
   <groupId>org.geotools</groupId>
   <artifactId>gt-shapefile</artifactId>
   <version>26.1</version>
</dependency>

I included the OSGeo repository in my `pom.xml` file like this:

<repository>
   <id>osgeo</id>
   <name>OSGeo Release Repository</name>
   <url>https://repo.osgeo.org/repository/release/</url>
   <snapshots><enabled>false</enabled></snapshots>
   <releases><enabled>true</enabled></releases>
</repository>

Running `mvn clean install` on Travis I get the following error:

```
Could not transfer artifact org.geotools:gt-metadata:jar:26.1 from/to

osgeo

(https://repo.osgeo.org/repository/release/): peer not authenticated ```

Strangely, this does work using openjdk8, but not openjdk11. Also it seems

that

some artifacts are downloaded from repo.osgeo.org without problems, but

for

some I receive the above error.

Can you give any advice how to fix or further debug this?

And a bonus question: Are there any plans to or reasons against publishing

the

geotools artifacts on Maven Central?

Thanks in advance and best regards,
Andreas
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac

Ah I just noticed that article I linked to has a section on Java. Not sure if that is helpful.

Here is the bit from it, hopefully makes more sense to you than me

------------------------------------------
Java based systems etc​

Some applications maintain their own trust store. You may need to add the newer ISRG Root X1 certificate into your systems trusts store. Any system that can't be updated needs to see the legacy chain or you need to switch CA.

e.g. for Java you might use: keytool -import -alias isrgrootx1 -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts -file isrgrootx1.cer (credit)
-----

-----Original Message-----
From: Regina Obe [mailto:lr@pcorp.us]
Sent: Wednesday, December 8, 2021 8:09 PM
To: 'System Administration Committee Discussion/OSGeo'
<sac@lists.osgeo.org>
Subject: RE: [SAC] 'peer not authenticated' error when trying to use
repo.osgeo.org

This sounds like it might be an SSL issue.

We had issues with the certs cause we are using Letsencrypt and the Letsencrypt
root certificate expired as detailed here:
https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/

That necessitated updating all the servers and on my projects I had to update
the docker images we were using.

So I'm guessing your openjdk might be linked to some old certs.
It's odd you are having issue with the newer one and not the older though.

Are you running both on same server?

Usually an OS update (for newer OS) fixes the issue.
Unfortunately I don't know much about Java to know things like what cert path
it uses or even how to test maven.

I'm also puzzled that some artifacts are downloaded and some are not.
Are these by chance maybe cached and it's the newer artifacts you are having
issue with?

Hope that help,
Regina

> -----Original Message-----
> From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Andreas
> Barth
> Sent: Wednesday, December 8, 2021 6:01 AM
> To: sac@lists.osgeo.org
> Subject: [SAC] 'peer not authenticated' error when trying to use
> repo.osgeo.org
>
> I'm using this artifact in a Maven project:
>
> ```
> <dependency>
> <groupId>org.geotools</groupId>
> <artifactId>gt-shapefile</artifactId>
> <version>26.1</version>
> </dependency>
> ```
>
> I included the OSGeo repository in my `pom.xml` file like this:
>
> ```
> <repository>
> <id>osgeo</id>
> <name>OSGeo Release Repository</name>
> <url>https://repo.osgeo.org/repository/release/&lt;/url&gt;
> <snapshots><enabled>false</enabled></snapshots>
> <releases><enabled>true</enabled></releases>
> </repository>
> ```
>
> Running `mvn clean install` on Travis I get the following error:
>
> ```
> Could not transfer artifact org.geotools:gt-metadata:jar:26.1 from/to
> osgeo
> (https://repo.osgeo.org/repository/release/): peer not authenticated
> ```
>
> Strangely, this does work using openjdk8, but not openjdk11. Also it
> seems that some artifacts are downloaded from repo.osgeo.org without
> problems, but for some I receive the above error.
>
> Can you give any advice how to fix or further debug this?
>
> And a bonus question: Are there any plans to or reasons against
> publishing the geotools artifacts on Maven Central?
>
> Thanks in advance and best regards,
> Andreas
> _______________________________________________
> Sac mailing list
> Sac@lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/sac

Thanks for your help!

The builds were running on physically different machines on travis-ci, but the OS was the same.
According to the Maven logs for example this jar was downloaded (not cached) successfully:

Downloaded from osgeo: https://repo.osgeo.org/repository/release/org/geotools/gt-shapefile/26.1/gt-shapefile-26.1.jar (239 kB at 26 kB/s)

I’ll try to follow your advice and check the SSL certificates.

Best regards,
Andreas

I switched to the latest JDK 11 distribution from Eclipse (Temurin) and this seems to work

Great to hear

-----Original Message-----
From: Sac [mailto:sac-bounces@lists.osgeo.org] On Behalf Of Andreas Barth
Sent: Wednesday, December 15, 2021 2:14 AM
To: sac@lists.osgeo.org
Subject: Re: [SAC] 'peer not authenticated' error when trying to use
repo.osgeo.org

I switched to the latest JDK 11 distribution from Eclipse (Temurin) and

this seems

to work

_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/sac