The update of the fdroid repository fails with the error you can see on the screenshot.
Thanks for your help
Strange. Looks like a server side problem.
To be sure, could you try going to app info and clearing cache and try again? That may help.
Can you manually get version 1.8 (if not already)? https://f-droid.org/repo/org.fdroid.fdroid_1008050.apk
What Android version is this?
If before version 5.1 maybe this issue is at fault: Comodo Knowledge Base ?
The cache clearing doesn't change anything. I have also reinstalled the f-droid app (in version 1.8) and the issue is still here.
I'm on android 5.0.2. I know it's an old version, but it's still working so I don't want to throw it away…
5.0.2
Read the link @Altons
@hans see the link, older systems will fail, eg. CentOS6:
> openssl s_client -connect f-droid.org:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=f-droid.org
i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Can something be done (regen certs or smth)? Else minSDK was just bumped to 22 lol @Bubu
I've read the link, but to be honest, I don't know what to do with it. Should I download new certificates?
Same issue and toast message popped up for me today also. CM12 (Android 5.1) on an old Samsung Galaxy Light.
I have other setups with older Androids (KK, LP, MM) so I seriously hope this is a fixable situation with the certs.
I'll test them tonight and see what happens.
Someone also opened an issue on GitLab about this.
It might be a server side issue on the f-droid repository, because the Guardian Project Official Release is still working fine.
Tracking this here: f-droid.org: expired root certificate (#174) · Issues · F-Droid / admin · GitLab
The error message displayed when I try to update the fdroid repository changed to this :
I hope this might help you debugging… Should I post this kind of stuff in the gitlab issue or here?
That's an intermediate cert that expired as planned. Problem is that some sites still ship it as part of their "certificate chain". Would they not do that, the OS would try finding its own (alternative) chain and succeed.
I had the same issue here on my Linux machine for one site, lasting 2 or 3 days. It was solved OS-side when the ca-certs package was updated. I've checked the update, and indeed it "black-listed" that expired cert from AddTrust, forcing openSSL to use a different chain.
TL;DR: I don't know how the certificates are updated on Android; the most likely variant is OTA updates for the OS. So devices no longer receiving updates are, well, unlucky. So the best way might be contact the site admins so they update the certificate chain they ship.
Ugh, say again: is that our repo? Strange, I didn't experience that issue here with our repo. Can someone check what certificate chain we ship, and fix it if needed? Or has that already been done? Or did the very same ca-cert update on our servers fix that along the line?
Update: Looks like Ciaran did exactly that and removed the intermediate from our chain (or at least will do it shortly).
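As an added example (not part of the thread and not F-Droid's own tooling), the "check what certificate chain we ship" step can be scripted: the function below reads `openssl s_client` output and lists every served certificate whose issuer is the CA named in the verify error. The names `chain_before`, `chain_after` and `flag_certs_issued_by` are hypothetical, and the "after" chain is constructed on the assumption that the fix is to stop sending entry 2.

```shell
#!/bin/sh
# Added example. CA is the name from the "verify error" line quoted in the thread.
CA="AddTrust External CA Root"

# Chain as served during the incident (lines from the s_client output in the thread).
chain_before() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=f-droid.org
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
EOF
}

# Constructed: the same output with entry 2 (subject and issuer lines) not sent.
chain_after() {
    chain_before | sed '/^ 2 s:/,/^   i:/d'
}

# Reads s_client output on stdin; prints "<index>: <subject>" for each served
# certificate whose issuer line names the CA given as $1.
flag_certs_issued_by() {
    awk -v ca="$1" '
        /^Certificate chain/        { in_chain = 1; next }
        in_chain && /^---/          { in_chain = 0; next }
        in_chain && /^ *[0-9]+ +s:/ { idx = $1; subj = $0
                                      sub(/^ *[0-9]+ +s:/, "", subj); next }
        in_chain && /^ *i:/         { if (index($0, ca)) print idx ": " subj }
    '
}

# Live use (same command as in the thread):
#   openssl s_client -connect f-droid.org:443 </dev/null 2>/dev/null \
#     | flag_certs_issued_by "$CA"
echo "served chain during the incident:"
chain_before | flag_certs_issued_by "$CA"
echo "served chain with entry 2 dropped:"
chain_after | flag_certs_issued_by "$CA"
```

An empty result means the server no longer sends a certificate that chains to that CA, so clients that already trust an issuer further down the chain can anchor there.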
Same situation here, with an old lollipop 5.0 phone.
I just installed the latest fdroid via apk, but it still fails the ssl handshake.
Other sites are "broken" for me as well with chrome browser or anything that uses system webview.
Firefox works instead.
I don't know much about the theory, but from what I read, fdroid servers could use a workaround, but if I understood well, the issue depends on a bug on gnutls (due to an expired root certificate and the inability to use another one, or whatever…)
What concerns me is that I can't update this (rooted) device for a number of reasons, so I ask you if there is a way for me to fix the issue locally?
Thanks,
Firefox uses its own certificate store and probably already had the AddTrust certificate disabled. As for Webview: Good pointer. You could try adding the Bromite repo and install their Webview, which is more up-to-date and might have fixed the issue. This would at least solve it for all apps using Webview - no idea if this affects the F-Droid client, though.
I think things have been fixed. On my CM12 today, refreshing the repo worked and app updates are now displayed.
Regarding Bromite Webview, on that device it was already installed, updatable (Bromite repo was good), and updated during the issue. So I don't think it affected the F-Droid client.
I also recommend that webview. Installed on all of my ROMs (save for OEM stocks and of course KitKat). Constantly updated.
It worked for me, but sometimes I still get an error: "Error getting F-Droid index file - SSL handshake timed out"
The issue is finally solved ! Thanks a lot
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
"F-Droid: Error getting F-Droid index file
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
Read Running on old Android versions | F-Droid - Free and Open Source Android App Repository? and add the certificate as instructed