Unable to Pull EPEL repository Metadata

The problem is with the nss package being too old. This older version cannot talk with the Fedora site via curl which uses an older version of the nss library.

Just update your nss version to the latest, it solves the problem with the EPEL repo update:

$ sudo yum clean all 
$ sudo yum --disablerepo="epel" update nss

NOTE: this version of nss-3.14.3-4.el6_4.x86_64 works fine with the EPEL repository.

If the following fails:

yum check-update

but:

yum --disablerepo="epel"  check-update

works, then run:

URLGRABBER_DEBUG=1 yum check-update 2> debug.log

and check debug.log for:

PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"

If this message is found, then try:

yum --disablerepo="epel" reinstall ca-certificates

If that fails to resolve the issue, then you may need to update your ca-certificates:

yum --disablerepo="epel" update ca-certificates

If that fails to resolve the issue, then backup your current CA certificate:

cp /etc/pki/tls/certs/ca-bundle.crt /root/

and run:

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

Explanation

The log shows an error with your system's SSL certificates.

The CA certificate bundle on your system might have somehow become corrupt and the yum -disablerepo="epel" reinstall ca-certificates command above simply overwrites yours with a fresh version. This is unlikely to be the answer though as all other repos are working - if there were major SSL issues, then all repos would fail.

The curl... command above replaces your system's CA certificates bundle with a newer version. The CA certificates bundle contain all the root CA certificates that your system trusts.

In this instance the EPEL repo has new SSL certificates (signed by a new root CA) that your system doesn't trust. The CentOS repos continue to work with their slightly older certificates.

I had the same error when working behind a corporate proxy. Updating certificates or using http didn't help. To fix it I had to add a proxy setting to each of the epel repos:

for x in /etc/yum.repos.d/epel*; do sed -i '/^\[/ a proxy=http://YOUR.PROXY.HERE:8080' $x; done

Insert your own proxy details of course.

My repo files now look like this:

[epel]
proxy=http://YOUR.PROXY.HERE:8080
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
proxy=http://YOUR.PROXY.HERE:8080
...

Unable to Pull EPEL repository Metadata

Tags:

Nginx

Yum

Software Installation

Scientific Linux

Related

Recent Posts