I’m running nixOS on a raspberry pi. When I run nixos-rebuild switch --upgrade, I get:
warning: unable to download 'https://nixos.org/channels/nixos-unstable': SSL peer certificate or SSH remote key was not OK (60); retrying in 334 ms
warning: unable to download 'https://nixos.org/channels/nixos-unstable': SSL peer certificate or SSH remote key was not OK (60); retrying in 639 ms
warning: unable to download 'https://nixos.org/channels/nixos-unstable': SSL peer certificate or SSH remote key was not OK (60); retrying in 1041 ms
warning: unable to download 'https://nixos.org/channels/nixos-unstable': SSL peer certificate or SSH remote key was not OK (60); retrying in 2023 ms
error: unable to download 'https://nixos.org/channels/nixos-unstable': SSL peer certificate or SSH remote key was not OK (60)
How do I fix this? Do I need to manually import some certificate or ssh key and if so where do I find those?
There shouldn’t be a proxy or anything. I’m having issues checking since I don’t have the openssl binary on the pi and nix-shell -p openssl doesn’t work since it can’t download the package.
Kind of grasping for straws here, but you could try to find an openssl binary this way:
$ find /nix/store -name openssl -type f -executable
If you never had it installed it’s quite possible that there is none, of course.
Debugging TLS connections without seeing what’s going on is somewhat complicated, of course.
Worst case you could disable the binary cache and build from source. Might take a while, though. I don’t know the exact options to pass to nix-env to accomplish that, maybe someone else knows that?