Zabbix 6.2 + Nginx + PostgreSQL 14 + TimescaleDB
Zabbix is a free system for monitoring and tracking the status of various computer network services, servers and network equipment, written by Alexei Vladishev. It stores its data in MySQL, PostgreSQL, SQLite or Oracle Database, and the web interface is written in PHP.
Preparation
Update the OS and install software
$ sudo apt update
$ sudo apt -y upgrade
$ sudo apt -y install nano curl bind9-utils telnet wget net-tools traceroute git tcpdump rsync open-vm-tools mlocate htop tar zip unzip cloud-guest-utils
$ sudo apt -y install gnupg2
Installing Nginx from the repository
Add the repository key
$ wget --quiet -O - https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
Add the Nginx repository
$ sudo nano /etc/apt/sources.list.d/nginx.list
# NGINX repo
deb https://nginx.org/packages/mainline/debian/ bullseye nginx
deb-src https://nginx.org/packages/mainline/debian bullseye nginx
Install Nginx
$ sudo apt update
$ sudo apt install -y nginx
Installing PostgreSQL 14 from the repository
Add the PostgreSQL repository
$ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
Add the repository key
$ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
Install PostgreSQL 14
$ sudo apt update
$ sudo apt -y install postgresql-14
Installing Zabbix 6.2 from the repository
Add the repository
$ wget https://repo.zabbix.com/zabbix/6.2/debian/pool/main/z/zabbix-release/zabbix-release_6.2-1+debian11_all.deb
$ sudo dpkg -i zabbix-release_6.2-1+debian11_all.deb
Install Zabbix for Nginx and PostgreSQL
$ sudo apt update
$ sudo apt -y install zabbix-server-pgsql zabbix-frontend-php php7.4-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent2
For some reason I found during the installation that apache2 had been installed; remove it
$ sudo apt -y remove apache2
$ sudo apt -y autoremove
Configuring PostgreSQL 14
Edit the pg_hba.conf config to enable password authentication for local connections
...
#host all all 127.0.0.1/32 scram-sha-256
host all all 127.0.0.1/32 md5
# IPv6 local connections:
#host all all ::1/128 scram-sha-256
host all all ::1/128 md5
...
Restart the service
$ sudo systemctl restart postgresql
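The pg_hba.conf edit above swaps scram-sha-256 for md5 on the loopback rules. The following check is an added example, not part of the original page: it lists every active rule whose method is md5, password or trust, including rules written with a separate netmask column. The function names and the sample rules other than the two md5 lines are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): list pg_hba.conf rules whose
# auth method is weaker than scram-sha-256. Output: "LINE TYPE ADDRESS METHOD".
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            if ($1 == "local") {             # local DB USER METHOD
                addr = "-"; method = $4
            } else {                         # host* DB USER ADDRESS [MASK] METHOD
                addr = $4
                # a separate netmask column is digits and dots (IPv4) or has ":" (IPv6)
                method = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
            }
            if (method == "trust" || method == "password" || method == "md5")
                print NR, $1, addr, method
        }
    ' "$@"
}

# Constructed sample: the two md5 lines match the edit shown above; the other
# rules are assumptions added to exercise the parser.
sample_pg_hba() {
    cat <<'EOF'
local   all          postgres                              peer
#host   all          all       127.0.0.1/32                scram-sha-256
host    all          all       127.0.0.1/32                md5
# IPv6 local connections:
#host   all          all       ::1/128                     scram-sha-256
host    all          all       ::1/128                     md5
host    replication  all       10.0.0.0  255.255.255.0     scram-sha-256
host    all          all       10.0.0.0  255.255.255.0     trust
EOF
}

sample_pg_hba | audit_pg_hba
```

On the server, pass the real file instead of the sample: audit_pg_hba /etc/postgresql/14/main/pg_hba.conf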
Configuring PHP-FPM
Change the timezone
$ sudo nano /etc/zabbix/php-fpm.conf
...
php_value[date.timezone] = Europe/Moscow
Change the permissions on the zabbix.sock file
$ sudo chmod 777 /run/php/zabbix.sock
Restart the service
$ sudo systemctl restart php7.4-fpm
Configuring Nginx
Edit the zabbix.conf config
listen 80;
listen [::]:80;
server_name _;
# listen 8080;
# server_name example.com;
root /usr/share/zabbix;
index index.php;
client_max_body_size 100M;
...
Disable the default config
$ sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.disabled
Restart the service
$ sudo systemctl restart nginx
Configuring PostgreSQL for Zabbix
Create the user
$ sudo -u postgres createuser --pwprompt zabbix
Enter password for new role: mysuperpass
Create the database
$ sudo -u postgres createdb -O zabbix zabbix
Load the data
$ zcat /usr/share/doc/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
Edit the zabbix_server.conf config and add the user's password
$ sudo nano /etc/zabbix/zabbix_server.conf
...
DBPassword=mysuperpass
...
Restart the services and enable them at boot
$ sudo systemctl restart zabbix-server zabbix-agent2 nginx php7.4-fpm
$ sudo systemctl enable zabbix-server zabbix-agent2 nginx php7.4-fpm
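Two steps above leave files whose mode matters: /run/php/zabbix.sock is set to 777, and /etc/zabbix/zabbix_server.conf now holds DBPassword in clear text. The following check is an added example, not part of the original page: it reports paths that are writable or readable by "other". The function names and the stand-in files (including the 644 config) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): report files whose mode grants
# access to "other". Each argument is CHECK:PATH, where CHECK is
#   w = must not be world-writable, r = must not be world-readable.
check_modes() {
    for spec in "$@"; do
        check=${spec%%:*}
        path=${spec#*:}
        case $check in
            w) bit=-0002; label=world-writable ;;
            r) bit=-0004; label=world-readable ;;
            *) echo "bad-spec $spec"; continue ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing $path"
        elif [ -n "$(find "$path" -prune -perm "$bit" -print)" ]; then
            echo "$label $path"
        fi
    done
}

# Constructed stand-ins for /run/php/zabbix.sock and
# /etc/zabbix/zabbix_server.conf, created in a temp dir so this runs anywhere.
demo_check_modes() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > zabbix.sock;            chmod 777 zabbix.sock         # mode from the chmod step
        : > zabbix_server.conf;     chmod 644 zabbix_server.conf  # constructed: holds DBPassword
        : > zabbix.sock.ok;         chmod 660 zabbix.sock.ok
        : > zabbix_server.conf.ok;  chmod 640 zabbix_server.conf.ok
        check_modes w:zabbix.sock r:zabbix_server.conf \
                    w:zabbix.sock.ok r:zabbix_server.conf.ok r:absent.conf
    )
    rm -rf "$dir"
}

demo_check_modes
# On the server itself:
#   check_modes w:/run/php/zabbix.sock r:/etc/zabbix/zabbix_server.conf
```

php-fpm creates the socket at start-up using the pool's listen.owner, listen.group and listen.mode settings, so those are the place to grant the web server access persistently.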
Zabbix server is installed; open the web interface and finish the installation
Default login: Admin
Default pass: zabbix
Installing TimescaleDB
Install the software
$ sudo apt -y install gnupg postgresql-common apt-transport-https lsb-release
Add the repository key
$ wget --quiet -O - https://packagecloud.io/timescale/timescaledb/gpgkey | sudo sh -c "gpg --dearmor > /etc/apt/trusted.gpg.d/timescaledb.gpg"
Add the timescaledb repository
$ echo "deb https://packagecloud.io/timescale/timescaledb/debian/ $(lsb_release -c -s) main" | sudo tee /etc/apt/sources.list.d/timescaledb.list
Install timescaledb
$ sudo apt update
$ sudo apt -y install timescaledb-2-postgresql-14
Tune the PostgreSQL config
$ sudo timescaledb-tune --quiet --yes
Add the shared_preload_libraries = 'timescaledb' parameter to the PostgreSQL config
$ echo "shared_preload_libraries = 'timescaledb'" | sudo tee -a /etc/postgresql/14/main/postgresql.conf
Restart PostgreSQL
$ sudo systemctl restart postgresql
Add the extension to the database
$ echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix
Download the zabbix-6.2.1 source distribution and unpack it
$ wget https://cdn.zabbix.com/zabbix/sources/stable/6.2/zabbix-6.2.1.tar.gz
$ tar -zxvf zabbix-6.2.1.tar.gz
Load the data into the database
$ cat zabbix-6.2.1/database/postgresql/timescaledb.sql | sudo -u zabbix psql zabbix
So that Zabbix server does not complain about the TimescaleDB version, add the following at the very end of the zabbix_server.conf config
$ sudo nano /etc/zabbix/zabbix_server.conf
...
AllowUnsupportedDBVersions=1
Otherwise the Zabbix server log will contain this error:
Unsupported DB! timescaledb version is 20702 which is higher than maximum of 20699
Recommended version should not be higher than TimescaleDB Community Edition 2.6.
Restart the services
$ sudo systemctl restart postgresql zabbix-server
Installing Zabbix Agent 2 on hosts
Add the Zabbix repository
$ wget https://repo.zabbix.com/zabbix/6.2/debian/pool/main/z/zabbix-release/zabbix-release_6.2-1+debian11_all.deb
$ sudo dpkg -i zabbix-release_6.2-1+debian11_all.deb
Install Zabbix Agent 2
$ sudo apt update
$ sudo apt -y install zabbix-agent2
Edit the zabbix_agent2.conf config
$ sudo nano /etc/zabbix/zabbix_agent2.conf
Restart the service and enable it at boot
$ sudo systemctl restart zabbix-agent2
$ sudo systemctl enable zabbix-agent2
wget ERROR: The certificate of ‘repo.zabbix.com’ is not trusted
vim /etc/ca-certificates.conf
comment line mozilla/DST_Root_CA_X3.crt
update-ca-certificates -f -v
Clearing symlinks in /etc/ssl/certs…
done.
Updating certificates in /etc/ssl/certs…
Doing .
150 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.
This will update /etc/ssl/certs on Debian 9
When I tried to install zabbix host on a Debian 9 server, I got the error below:
ERROR: The certificate of ‘repo.zabbix.com’ is not trusted.
I looked for a solution and found these steps:
vim /etc/ca-certificates.conf
- comment line -> mozilla/DST_Root_CA_X3.crt
update-ca-certificates -f -v
- done
Published by Rivo Henfri Wowiling
Published: April 11, 2022; May 9, 2022
Type: Incident report
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Yum refuses to install zabbix in Centos 7.4 as curl and wget complain about certificates:
# curl https:
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http:
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
# wget https:
--2018-04-18 13:01:54-- https:
Resolving repo.zabbix.com (repo.zabbix.com)... 162.243.159.138
Connecting to repo.zabbix.com (repo.zabbix.com)|162.243.159.138|:443... connected.
ERROR: cannot verify repo.zabbix.com's certificate, issued by ‘/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http:
Unable to locally verify the issuer's authority.
To connect to repo.zabbix.com insecurely, use `--no-check-certificate'.
I think some changes happened about a week ago or less. Before that everything was working seamlessly.
While trying to install a Zabbix update, a certificate chain expiry error occurs. The fix is to install ca-certificates:
$ sudo apt update
Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Ign:4 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic InRelease
Hit:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:6 http://archive.ubuntu.com/ubuntu bionic-security InRelease
Ign:7 https://repo.zabbix.com/zabbix/6.2/ubuntu bionic InRelease
Err:8 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verifin. [IP: 178.128.6.101 443]
Err:9 https://repo.zabbix.com/zabbix/6.2/ubuntu bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verifin. [IP: 178.128.6.101 443]
Reading package lists… Done
E: The repository ‘https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository ‘https://repo.zabbix.com/zabbix/6.2/ubuntu bionic Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
$ sudo apt install ca-certificates
[sudo] password for devopsadmin:
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version (20211016~18.04.1).
The following packages were automatically installed and are no longer required:
linux-headers-4.15.0-112 linux-headers-4.15.0-112-generic linux-headers-4.15.0-74 linux-headers-4.15.0-74-generic linux-image-4.15.0-112-generic
linux-image-4.15.0-74-generic linux-modules-4.15.0-112-generic linux-modules-4.15.0-74-generic linux-modules-extra-4.15.0-112-generic
linux-modules-extra-4.15.0-74-generic
Use ‘sudo apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 130 not upgraded.
$ sudo apt update
Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:3 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic InRelease [4,948 B]
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:5 https://repo.zabbix.com/zabbix/6.2/ubuntu bionic InRelease [7,125 B]
Get:6 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic/main Sources [660 B]
Get:7 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu bionic/main amd64 Packages [475 B]
Get:8 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:9 https://repo.zabbix.com/zabbix/6.2/ubuntu bionic/main Sources [1,152 B]
Get:10 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:11 https://repo.zabbix.com/zabbix/6.2/ubuntu bionic/main amd64 Packages [3,908 B]
Fetched 270 kB in 3s (89.5 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
131 packages can be upgraded. Run 'apt list --upgradable' to see them.