I have a .net core 3.1 project I am attempting to build on an Ubuntu 20.04 virtual machine.
The project was building successfully, I now need to update one of the NuGet packages in the project. Once I change the package version in the .csproj file to the required version, when I either build or perform "dotnet restore" I get the following message:
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error : The SSL connection could not be established, see inner exception. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error : The remote certificate is invalid according to the validation procedure. [/home/ic/Source/redacted.csproj]
If I browse to https://api.nuget.org/v3/index.json I can successfully view the json in the browser and the certificate appears to be trusted.
I have:
- Updated packages (apt-get update AND apt-get upgrade)
- Updated NuGet
- Set certificate thumbnails in NuGet.Config as per the update in this question: Problem resolving Nuget Packages in Devops Build Agent due to Certificate issues
- I can see the DigiCert root certificate for nuget.org in the trusted certificates on Ubuntu
CodePudding user response:
Not sure in the end what actually solved my problem, but, long story short, I think the following worked:
Running wget on api.nuget.org gave:
--2021-12-02 09:38:34-- https://api.nuget.org/v3/index.json
Resolving api.nuget.org (api.nuget.org)... 152.199.40.167
Connecting to api.nuget.org (api.nuget.org)|152.199.40.167|:443... connected.
ERROR: cannot verify api.nuget.org's certificate, issued by 'CN=Microsoft Azure TLS Issuing CA 05,O=Microsoft Corporation,C=US’:
Unable to locally verify the issuer's authority.
To connect to api.nuget.org insecurely, use `--no-check-certificate'.
At some point in researching that error, I reinstalled ca-certificates (not sure if that has anything to do with resolving the problem):
sudo apt-get install --reinstall ca-certificates
Ultimately, I found: "dotnet restore" fails with "SSL peer certificate or SSH remote key was not OK" which led me to setting the SSL_CERT_FILE environment variable:
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
That seems to have been the key and dotnet restore now works correctly.