Cache.nixos.org peer certificate or SSH remote key was not OK (60)

On a specific machine, any Nix command executed by a normal user, which requires contacting cache.nixos.org fails with errors like these

error: unable to download 'https://cache.nixos.org/j6nzx7mn1y2irr6swbgc18dh1xli8svz.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 2552 ms
  • The problem only occurs for normal users, not root.
  • NIX_SSL_CERT_FILE is set in the user’s environment.
  • /usr/bin/openssl s_client -CAfile $NIX_SSL_CERT_FILE -connect cache.nixos.org:443 connects without a problem.
  • This occurs on a machine on which
    • Nix 2.4 was installed originally.
    • At least one failed attempt was made to upgrade (I don’t have the details available).
    • Another attempt was made, by completely removing /nix and running the Nix installer script.
    • Nix 2.6.0 installed at present.

Can you suggest how to make Nix usable once more for normal users on this machine?

Root bypasses the demon IIRC. So probably it’s the demon not seeing the correct certificate?

The problem appears to have been solved with

nix-channel --update; nix-env -iA nixpkgs.nix nixpkgs.cacert; systemctl daemon-reload; systemctl restart nix-daemon
1 Like