Opam error : download command failed

Trying to install alcotest, I get the error message below. How can I fix this ?

$ opam install alcotest
The following actions will be performed:
  ∗ install   cmdliner   1.0.4   [required by alcotest]
  ∗ install   re         1.9.0   [required by alcotest]
  ∗ install   astring    0.8.5   [required by alcotest]
  ∗ install   uuidm      0.9.7   [required by alcotest]
  ∗ install   fmt        0.8.9   [required by alcotest]
  ↻ recompile uutf       1.0.2   [uses cmdliner]
  ∗ install   alcotest   1.3.0
  ↻ recompile markup     1.0.0-1 [uses uutf]
  ↻ recompile lambdasoup 0.7.2   [uses markup]
===== ∗ 6   ↻ 3 =====
Do you want to continue? [Y/n] Y

<><> Gathering sources ><><><><><><><><><><><><><><><><><><><><><><><><><><>  🐫 
[alcotest.1.3.0] found in cache
[astring.0.8.5] found in cache
[cmdliner.1.0.4] found in cache
[lambdasoup.0.7.2] found in cache
[markup.1.0.0-1] found in cache
[re.1.9.0] found in cache
[uutf.1.0.2] found in cache
[ERROR] The sources of the following couldn't be obtained, aborting:
          - fmt.0.8.9: Download command failed
          - uuidm.0.9.7: Download command failed

I can’t reproduce the problem. Maybe it was a temporary network failure?
If you can still reproduce it, could you launch the same command with --debug ?

The output is very verbose, I can reproduce it in full if asked to, for now I just reproduce the final part :

Processing 9/9: [uuidm.0.9.7: http]
00:06.189 PARALLEL Collected task for job 7 (ret:5)
00:06.189 SYSTEM rm /Users/jonathandoyle/.opam/4.11.0/.opam-switch/sources/uuidm.0.9.7/uuidm-0.9.7.tbz.part
00:06.189 CURL Could not download file at https://erratique.ch/software/uuidm/releases/uuidm-0.9.7.tbz.
00:06.189 PARALLEL Job 7 finished
[ERROR] The sources of the following couldn’t be obtained, aborting:
- fmt.0.8.9: Download command failed
- uuidm.0.9.7: Download command failed

00:06.200 SYSTEM rm /Users/jonathandoyle/.opam/4.11.0/.opam-switch/backup/state-20221028132454.export

Not sure what’s happening. On this side of the world I have:

> curl -I https://erratique.ch/software/uuidm/releases/uuidm-0.9.7.tbz
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 28 Oct 2022 14:26:27 GMT
Content-Type: application/x-bzip2
Content-Length: 9164
Last-Modified: Thu, 27 Oct 2022 16:21:49 GMT
Connection: keep-alive
ETag: "635ab01d-23cc"
Accept-Ranges: bytes
1 Like

And on my side of the world I have :

$ curl -I https://erratique.ch/software/uuidm/releases/uuidm-0.9.7.tbz
curl: (60) SSL certificate problem: certificate has expired
More details here: curl - SSL CA Certificates

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

The pattern seems to be that your CLI tools do not recognize “let’s encrypt” certificates contrarily to your browser. To check the hypothesis, does wget https://letsencrypt.org fail too?

Yes :

$ wget https://letsencrypt.org
–2022-10-28 17:01:53-- https://letsencrypt.org/
Resolving letsencrypt.org (letsencrypt.org)…,
Connecting to letsencrypt.org (letsencrypt.org)||:443… connected.
ERROR: cannot verify letsencrypt.org’s certificate, issued by ‘CN=R3,O=Let’s Encrypt,C=US’:
Issued certificate has expired.
To connect to letsencrypt.org insecurely, use `–no-check-certificate’.

1 Like

It seems your system wide certificate store (which is different from the browser store) is missing, corrupt, or something like that. You seem to be on some kind of Unix or Linux? On Debian, Ubuntu and their descendants this is in the ca-certificates package. Same on homebrew under MacOS.

Actually, now I remember - at one point there was a problem with an obsolete intermediate certificate present in the package, and the solution was to disable it. If you are on Debian etc., try:

sudo dpkg-reconfigure ca-certificates

(and read the documentation first :-0 )

Seems like it would be helpful if opam reported that the issue was that the certificate was not accepted. That could save a few steps in the investigation.

You’re absolutely right, I tried that (as a matter of fact I had homebrew already installed) and now everythings works. Thanks a lot!