14

When I want to upgrade Ubuntu from 18.04 Bionic Beaver to 18.10 Cosmic Cuttlefish via the terminal with the sudo do-release-upgrade -d command, it gives me a warning:

Failed to connect to https://changelogs.ubuntu.com/meta-release-development. 
Check your Internet connection or proxy settings.

However, I have an internet connection; I am writing this question now from my Ubuntu computer.

How can I resolve this?

Zanna
ayibugan

3 Answers

21

It seems like there is an issue with certificates:

result of meta-release download: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)>

As a workaround, I edited the file /usr/lib/python3/dist-packages/UpdateManager/Core/MetaRelease.py and added these lines to the beginning:

import ssl
ssl._create_default_https_context = ssl._create_unverified_context
omerfarukdogan
14

The problem is the CA file that is used:

$ python3 -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)'
/usr/lib/ssl/cert.pem

The path might be /usr/local/ssl/cert.pem for your installation; adjust the following commands to use this path if that is your case.

But:

$ ls /usr/lib/ssl/cert.pem
ls: cannot access '/usr/lib/ssl/cert.pem': No such file or directory

You can fix it by linking the global ca-certificates to the file Python uses:

ln -s /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem

After that running do-release-upgrade works just fine.

For a temporary solution:

SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt do-release-upgrade
  • This fixed the issue. One simple symlink. I tried upgrading from 16.04 to the current release, and this fixed the updating process, without having to hack the Python file. – Tschallacka Feb 02 '21 at 21:36
  • 1
    Thanks for this. On 20.04 I had to run sudo update-ca-certificates then link to /usr/local/ssl/cert.pem rather than /usr/lib/ssl/cert.pem, as guided by the output of the python query. Can't account for why /usr/local... rather than /usr/lib.... – Jeremy Field Aug 27 '22 at 01:50
  • This should be the accepted answer. – mark Oct 06 '22 at 18:55
  • I tried more than a dozen tricks from different websites. Nothing worked. Only the above solution by @Jeremy Field worked. So it should be the accepted answer. – M K Saravanan Jan 16 '23 at 01:36
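
An added example (not part of either answer above, and not Ubuntu's code): it picks a CA file that actually exists, trying the override variable, then OpenSSL's compiled-in path, then the bundle named in the second answer, and shows the verification settings of a verified context beside those of the unverified context that the first answer's MetaRelease.py edit installs. The names pick_ca_file, describe, verified_context and SYSTEM_BUNDLE are made up for this example.

```python
import os
import ssl

# Assumption: the Debian/Ubuntu bundle path named in the second answer.
SYSTEM_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"


def pick_ca_file(paths=None, environ=None, exists=os.path.isfile):
    """Return the first CA file that exists, or None.

    Order: the override env var (SSL_CERT_FILE), OpenSSL's compiled-in
    cafile, then the distribution bundle. `exists` is injectable for tests.
    """
    paths = paths or ssl.get_default_verify_paths()
    environ = os.environ if environ is None else environ
    candidates = (
        environ.get(paths.openssl_cafile_env),  # e.g. SSL_CERT_FILE
        paths.openssl_cafile,                   # e.g. /usr/lib/ssl/cert.pem
        SYSTEM_BUNDLE,
    )
    for candidate in candidates:
        if candidate and exists(candidate):
            return candidate
    return None


def describe(ctx):
    """Summarise the two settings that decide whether the peer is authenticated."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname}


def verified_context(cafile=None):
    """Context that still validates chain and hostname, using `cafile` if given."""
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    cafile = pick_ca_file()
    print("CA file to use:", cafile)
    print("verified  :", describe(verified_context(cafile)))
    # The unverified context: no chain validation and no hostname check.
    print("unverified:", describe(ssl._create_unverified_context()))
```

If pick_ca_file() returns None, no bundle is installed at any of the three locations, which is the condition the symlink or SSL_CERT_FILE fix addresses.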
4

This is an Ubuntu bug that has been fixed, but I'm not sure if the patch will be available in updates for 18.04.2 LTS.

From 2018:

update-manager (1:18.10.3) cosmic; urgency=medium

  • Add support for HTTPS proxies; this breaks UpdateManager.Core.utils.init_proxy() API - the return value is now a dict, rather than a string (LP: #1771914).
    ...
    The verification of the Stable Release Update for update-manager has completed successfully and the package has now been released to -updates.
TonyG