Repo issue encountered while running ‘dnf update -y’ (SSL certificate errors).
On CentOS Stream 10, running dnf update -y may fail with SSL or repository errors such as:
dnf update -y
CentOS Stream 10 - BaseOS 0.0 B/s | 0 B 00:03
Errors during downloading metadata for repository 'baseos':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.centos.org/metalink?repo=centos-baseos-10-stream&arch=x86_64&protocol=https,http [SSL certificate problem: self-signed certificate in certificate chain]
Error: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.centos.org/metalink?repo=centos-baseos-10-stream&arch=x86_64&protocol=https,http [SSL certificate problem: self-signed certificate in certificate chain]
These errors typically appear when:
- The system’s CA certificates are outdated or missing.
- The Extras or Extras-Common repositories no longer exist in Stream 10.
- You’re behind a corporate proxy performing TLS inspection (self-signed CA).
This KB provides a step-by-step fix.
- Curl error (60) during metadata download.
- Duplicate repository warnings.
- 404 “repomd.xml not found” for Extras repos.
- Partial updates (BaseOS/AppStream succeed, Extras fails).
1. Check the system clock
- An incorrect date or time can break SSL verification.
timedatectl status
- If it’s wrong, fix it:
sudo timedatectl set-ntp true
sudo timedatectl set-timezone <timezone>
- Example:
sudo timedatectl set-timezone UTC
2. Temporarily disable SSL verification (for testing only)
- Tried to temporarily disable SSL verification by setting sslverify=0 under [baseos], but found out ‘/etc/yum.repos.d/CentOS-Stream-BaseOS.repo’ is empty
sudo nano /etc/yum.repos.d/CentOS-Stream-BaseOS.repo
- Next we remove broken cache:
sudo dnf clean all
sudo rm -rf /var/cache/dnf
- Recreate the BaseOS repo file
sudo nano /etc/yum.repos.d/CentOS-Stream-BaseOS.repo
- Then paste this content
[baseos]
name=CentOS Stream 10 - BaseOS
baseurl=https://mirror.stream.centos.org/10-stream/BaseOS/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
sslverify=0
- Save and exit.
Ctrl+O, Enter, Ctrl+X
sudo nano /etc/yum.repos.d/CentOS-Stream-AppStream.repo
[appstream]
name=CentOS Stream 10 - AppStream
baseurl=https://mirror.stream.centos.org/10-stream/AppStream/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
sslverify=0
- NOTE: DO NOT CREATE an Extras repo file (/etc/yum.repos.d/CentOS-Stream-Extras.repo). CentOS Stream 10 (still evolving) does not currently have an “Extras” repository; it has been replaced or merged into other repos in Stream 10. CentOS Stream 8 and 9 had an Extras repo (for small packages outside the main streams).
- If it exists, disable or remove the “Extras” repo as it is not needed on CentOS Stream 10
sudo dnf config-manager --set-disabled extras
sudo dnf config-manager --set-disabled extras-common
- Then run:
sudo dnf clean all
sudo dnf makecache
sudo dnf update -y
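Step 2 labels sslverify=0 as for testing only, but the repo files pasted above keep that setting after the update succeeds. The following check is an added example, not part of the original KB: it lists every repo section that still has sslverify or gpgcheck switched off. The function name audit_repos and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original KB: report repo sections that still
# have TLS verification (sslverify) or package signature checks (gpgcheck) off.
# Usage: audit_repos [DIR]   DIR defaults to /etc/yum.repos.d
# Prints "file [section] key=value" per finding; returns 1 if any, else 0.
audit_repos() {
    dir="${1:-/etc/yum.repos.d}"
    set -- "$dir"/*.repo
    [ -f "$1" ] || return 0            # no repo files: nothing to report
    awk '
        FNR == 1 { section = "(none)" }            # new file: reset section
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^[#;]/ || /^$/ { next }                   # comments and blank lines
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            # Spellings treated as "off" by this check: 0, no, false, off
            if ((key == "sslverify" || key == "gpgcheck") && val ~ /^(0|no|false|off)$/) {
                printf "%s [%s] %s=%s\n", FILENAME, section, key, val
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input mirroring the repo files in this KB.
demo=$(mktemp -d)
cat > "$demo/CentOS-Stream-BaseOS.repo" <<'EOF'
[baseos]
name=CentOS Stream 10 - BaseOS
baseurl=https://mirror.stream.centos.org/10-stream/BaseOS/x86_64/os/
gpgcheck=1
enabled=1
sslverify=0
EOF
cat > "$demo/CentOS-Stream-AppStream.repo" <<'EOF'
[appstream]
name=CentOS Stream 10 - AppStream
gpgcheck=1
sslverify=1
EOF
audit_repos "$demo" || echo "Re-enable verification in the sections listed above."
rm -rf "$demo"
```

Run audit_repos with no argument on the host to check /etc/yum.repos.d after testing is finished.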