When running kaisen-update I am getting the following error:
Err:3 https://dl.google.com/linux/chrome/deb stable InRelease
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. Could not handshake: Error in the certificate verification. [IP: x.x.x.x 443]
Strangely, I do not have chrome installed!? (I may have had it installed in the past).
Any issue here?
Michel
Hello,
The date and time probably not up-to-date.
Hi Kevin,
Which date and time? My system date and time is correct (hardware on UTC and system on AWST).
Okay, you may remove the repository, if you don’t use Google Chrome 
Well, that is the issue. Under the /etc/apt directories I cannot find any references to chrome in any of the files!
?
/etc/apt/sources.list.d/google-chrome.list
As I said in my earlier post: Under the /etc/apt directories I cannot find any references to chrome in any of the files!
/etc/apt/sources.list.d/google-chrome.list. simply does not exist.
And in the /etc/apt/sources.list file?
I don’t see another path for the list of the repos.
No, nowhere at all under the /etc/apt directory and sub-directories!!??
That is what got me stumped. I assumed they may have been a kaisen specific, well hidden and unorthodox way of doing the kaisen-update.
This worries me as I am not a fan of google in any way. It starting to look like an exploit perhaps?
Sorry,
But I don’t understand your problem. In Kaisen, all repositories can be found in the /etc/apt directory, respectively in the /etc/apt/sources.list or in the /etc/apt/sources.list.d/???.list
I didn’t add the chrome repository by default.
Probably due to a software installed on your computer? Do you have added another repositories on Kaisen?
Do you use Flatpak or snap?
But I don’t understand your problem. In Kaisen, all repositories can be found in the /etc/apt directory, respectively in the /etc/apt/sources.list or in the /etc/apt/sources.list.d/???.list
That is what I thought. But there are definitely no references to google-chrome there.
I do not have flatpak or snap installed either.
I didn’t add the chrome repository by default.
I tried an apt update straight after a kaisen-update and guess what: I again got the “certificate verification failed” message!
So the issue must be with apt, but I have no idea where apt would look outside of /etc/apt to get a directory address?
Anyway, thanks for trying to help. The issue seems to be with apt itself now and NOT with kaisen.
So you can close this issue.
If I find the solution/cause, I will post back here, otherwise I may go to a hardened version of Debian when Bookworm is release (in about a month time I think) for a while. I do tend to become paranoid when there is something happening I do not understand. I try to operate in an extremely secure environment. As a matter of fact it is my perimeter router with snort that detected the attempt to connect to the google-chrome repo.