Andrew Walter's picture

I can't access http://archive.turnkeylinux.org/ from the two networks I have access to at the moment. Anybody else?

Forum: 
Eric Lee's picture

I second that archive.turnkeylinux.org is not responding.

Jeremy Davis's picture

Thanks for reporting guys. I can confirm that archive.turnkeylinux.org is not responding to http. It is responding to ping, so I'm not really sure what is going on...

FWIW I also double checked via http://downforeveryoneorjustme.com/archive.turnkeylinux.org and that also confirms it's down.

Unfortunately I don't have access to that server so I can't look into it further. Alon is in Israel, so probably sleeping ATM. I'll get him to look into it as a matter of urgency.

Jeremy Davis's picture

Alon has just fixed the archive server. Now we just need to work out why it went wrong...

Sorry about that and thanks again for reporting!

Dan Ballard's picture

Appears that it is offline again right now.

Jeremy Davis's picture

Thanks for reporting, but it's up for me. Could you please check again and let me know if it's still not working for you.

Jeff Dagenais's picture

The site's SSL certificate is a "Root certificate authority" for *.turnkeylinux.org. This root authority is obviously not found in regular trust stores (tested with Safari on HighSierra and Firefox on debian stretch).

Maybe get a "let's encrypt" or whatever.

Cheers!

Jeremy Davis's picture

Although FWIW it's not intended to be contact via https. It is provided as an apt repo, so generally only used via http by apt. The current SSL cert is a self-signed cert (more-or-less the same as all TurnKey appliances ship with).

Having said that, as your comment suggests, now Let's Encrypt is so easy (and free too!) there isn't really any excuse. I'll add it to the todo list... - Added to the todo list! :)

Jeff Dagenais's picture

I think most browsers now (well Safari anyway) will by default attempt an https connection unless specifically using "http://...", hence why I thought it might be a good idea to mention it.

I understand your comment about it being an apt repo, that's fair. I would argue though at this point that it would be a good idea to get at least a free let's encrypt certificate, even if it's just to avoid raising eyebrows and project a tightly ran ship, security wise. Especially considering the business turnkeylinux is in, now with the servers and all... ;)

Cheers!

Jeremy Davis's picture

Yep totally agree on all counts! :)

Jeremy Davis's picture

UPDATE: Issue has now been resolved!

It seems that our apt archive server has had a failure! :(

As you can see, the server itself is still running, but it's not hosting any of the archive files/filesystem. I don't personally have access to it, so unfortunately, there is nothing I can do. However, I have contacted my colleague and hopefully he'll resolve it ASAP (although it's currently early hours of the morning in his timezone - so no clear ETA as of yet).

Another user has also posted this in a new forum thread. I've put a more detailed response there, noting how to apply a short term workaround etc.

Jeremy Davis's picture

The TurnKey apt archive should now be working as expected. Thanks for the patience.

it seems so:

Is archive.turnkeylinux.org down right now?

 

It's not just you! archive.turnkeylinux.org is down.

Jeremy Davis's picture

Unfortunately, I don't have full access to that apt server, so we'll need to wait until my colleague Alon can have a look. Hopefully it'll be within the next 6-7 hours.

In the meantime, it should still be possible to install new packages from other apt servers, the message should only be a warning.

Alternatively, you can comment out the TurnKey apt servers within /etc/apt/sources.list.d/sources.list & /etc/apt/sources.list.d/security.sources.list. I.e. insert a '#' (aka hash/pound) character at the start of all lines that includes turnkeylinux.org.

Jeremy Davis's picture

We'll also discuss how to improve the stability of our apt server, plus reduce the turnaround times for if/when it goes down again in the future.

Jeremy Davis's picture

Please see my comment on the GitHub issue for further details.

Add new comment