Apt error after attempted upgrade from Buster to Bullseye

horo · 2022-06-10 17:06:04

I decided to update to bullseye on a current lithium laptop at work.
I edited my /etc/apt/source.list to call on 'bullseye' instead of 'buster' and set apt to update, then upgrade.

I left things to run, but when I returned to the system it had powered down (outlets are set to a light switch which someone turned off, and the battery died)

I don't know where in the upgrade process the system was before that happened. I logged in and tried running apt-get but keep hitting the following-

$ sudo apt-get update
Err:1 https://deb.debian.org/debian bullseye InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
Err:2 https://deb.debian.org/debian-security bullseye-security InRelease                                
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
Err:3 https://deb.debian.org/debian bullseye-updates InRelease                                          
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
Err:4 https://deb.debian.org/debian buster-backports InRelease                                          
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
Hit:5 http://pkg.bunsenlabs.org/debian lithium InRelease                                                
Err:6 https://pkg.bunsenlabs.org/debian buster-backports InRelease        
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 78.47.156.207 443]
Reading package lists... Done                       
W: https://deb.debian.org/debian/dists/bullseye/InRelease: No system certificates available. Try installing ca-certificates.
W: https://deb.debian.org/debian-security/dists/bullseye-security/InRelease: No system certificates available. Try installing ca-certificates.
W: https://deb.debian.org/debian/dists/bullseye-updates/InRelease: No system certificates available. Try installing ca-certificates.
W: https://deb.debian.org/debian/dists/buster-backports/InRelease: No system certificates available. Try installing ca-certificates.
W: https://pkg.bunsenlabs.org/debian/dists/buster-backports/InRelease: No system certificates available. Try installing ca-certificates.
W: Failed to fetch https://deb.debian.org/debian/dists/bullseye/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
W: Failed to fetch https://deb.debian.org/debian-security/dists/bullseye-security/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
W: Failed to fetch https://deb.debian.org/debian/dists/bullseye-updates/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
W: Failed to fetch https://pkg.bunsenlabs.org/debian/dists/buster-backports/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 78.47.156.207 443]
W: Failed to fetch https://deb.debian.org/debian/dists/buster-backports/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 151.101.22.132 443]
W: Some index files failed to download. They have been ignored, or old ones used instead.

I check on ca-certificates

ca-certificates:
  Installed: 20210119
  Candidate: 20210119
  Version table:
 *** 20210119 500
        500 https://deb.debian.org/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status

and then confirm on packages.debian.org that this is the current bullseye release

My current thoughts are to manually dl and run the ca-certificates again. Perhaps the package was downloaded but not properly set up for the necessary programs to see it's there?
Is it better practice to try and force apt-get to retrieve the package again or download a .deb from packages.debian.org?

Bearded_Blunder · 2022-06-10 22:56:01

Here is Debian's instructions/advice for making that upgrade:
https://www.debian.org/releases/stable/ … ng.en.html

You will get problems particularly if you fail to note that the security repos are different.. you can't simply edit buster to bullseye..

And also if you don't do the upgrade followed by dist-upgrade routine & try it in one move, there's a reason they suggest doing plain upgrade first.

I'd have disabled buster-backports before I started too...

rbh · 2022-06-11 17:59:19

horo wrote:

IMy current thoughts are to manually dl and run the ca-certificates again.

I would try that.

I don't know where in the upgrade process the system was before that happened.

You confirmed that the update had run and ca-certificates for bullseye had been installed. Then you should not have run update again, but run upgrade again. The system knows where it was interuppted and will confinue from there.
Probably the system would have told you to run "apt configure -a", to configure those packages that was in que to be configured, when power disappeared.
Then you should have continued with upgrade.

Hopefully you should be able to install ca-certificates from disk and then upgrade your system.

Two notes:
* You have not changed "buster-backports" to "bullseye-backports".
Next time you upgrade your system, read the Debian upgrade doc carefully.
* You should always first update and upgrade your current system. Then edit sources and after that update, upgrade and last do an dist-upgrade.

rbh · 2022-06-12 08:23:27

Horo, you are not getting any apt-error... Due to error with the installation of the package ca-cartificate, your system can not trust secure encrypted https communication.

If you change sources for Debian and Bunsenlabs to "deb http://...", and do a new update and upgrade and distupgrade, the upgrade should go through.

After upgrading you can investigate status of secure web communication.

horo · 2022-06-14 16:36:06

Thanks for the link to the debian walkthrough.
I dled ca-certificates.deb from packages.debain.org and re-installed. This cleared things up and I was able to connect with apt-get again.

Re-ran 'apt-get update' and 'apt-get upgrade' and when they finished ran 'apt-get dist-upgrade'
All seems to be working properly!

Bearded_Blunder · 2022-06-14 18:03:30

Glad it appears to be sorted.

#1 2022-06-10 17:06:04

Apt error after attempted upgrade from Buster to Bullseye

#2 2022-06-10 22:56:01

Re: Apt error after attempted upgrade from Buster to Bullseye

#3 2022-06-11 17:59:19

Re: Apt error after attempted upgrade from Buster to Bullseye

#4 2022-06-12 08:23:27

Re: Apt error after attempted upgrade from Buster to Bullseye

#5 2022-06-14 16:36:06

Re: Apt error after attempted upgrade from Buster to Bullseye

#6 2022-06-14 18:03:30

Re: Apt error after attempted upgrade from Buster to Bullseye

Board footer