Question 217082 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Ubuntu – Why I get GitHub action/cache@v3 download problem?

Im running Selfhosted GitHub runner on AWS EC2 instance.

I have step in GitHub workflow:

- name: Cache Maven dependencies
        if: github.event_name != 'pull_request' || github.event.pull_request.merged == true
        id: cache
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-

During execution of this workflow I get this error:

Download action repository 'actions/cache@v3' (SHA:88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8)
Warning: Failed to download action 'https://api.github.com/repos/actions/cache/tarball/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8'. Error: The SSL connection could not be established, see inner exception.
Warning: Back off 17.362 seconds before retry.
Error: The SSL connection could not be established, see inner exception.

If I go directly to my GitHub self hosted runner and I execute wget or curl to the link, I get this error:

ubuntu@ip-11-224-36-17:~$ wget https://api.github.com/repos/actions/cache/tarball/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
--2023-07-27 08:37:25--  https://api.github.com/repos/actions/cache/tarball/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
Resolving api.github.com (api.github.com)... 140.82.121.6
Connecting to api.github.com (api.github.com)|140.82.121.6|:443... connected.
OpenSSL: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Unable to establish SSL connection.
Tags:

2

Answers


  1. 0

    Update openSSL libtrary in your system. Use this command if you are using ubuntu.

        sudo apt update
    sudo apt install openssl

    If updating doesn’t work then enable legacy renegotiation for the SSL connection by opening /etc/ssl/openssl.cnf file and adding this line of code in the end of file.

    openssl_conf = default_conf

    Create new configuration file after saving the file. use this line of code

    sudo nano /etc/ssl/openssl.cnf

    No w after adding the following piece of code in the file, save it and download it again

    [default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

    Now run following command to synchronize the time with NTP (Network Time Protocol)

    sudo ntpdate pool.ntp.org

    At the end run ‘wget’ or ‘curl’ again to check whether the SSL connection error is resolved or not.

    Login or Signup to reply.
  2. 0

    If you are using your self hosted runner you can try to do the following checks on your machine:

    openssl version

openssl s_client -connect github.com:443 -tls1_2

    From there you will have information on how to proceed to resolve this SSL conflict, maybe it’s time to update your openssl client.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search