Yum in RHEL 8 Azure VMs: Curl error (56): Failure when receiving data from the peer

Known Issues Azure
1

Affected Products:

  • All ProComputers RHEL 8 images in Azure that includes rhui-azure-rhel8 package version 2.2-318 and earlier.

Opened: 2023-02-27

Severity: Severity 4 (Low)

Symptoms:
Starting with February 24th 2023, 18:41:14 GMT, in all affected RHEL 8 VM images, the Azure RHUI (Red Hat Update Infrastructure) is not reachable anymore, and the yum command fails with error “alert certificate expired, errno 0”.

[root@test-rhel8-vm ~]$ sudo yum update
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs) 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository ‘rhui-rhel-8-for-x86_64-baseos-rhui-rpms’:
- Curl error (56): Failure when receiving data from the peer for https://rhui-1.microsoft.com/pulp/repos/content/dist/rhel8/rhui/8/x86_64/baseos/os/repodata/repomd.xml [OpenSSL SSL_read: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired, errno 0]
[…]

This is due to the fact that the Azure RHUI certificate in the rhui-azure-rhel8-2.2-318.noarch packages has expired. You can see the certificate expiration date with the command below:

[root@test-rhel8-vm ~]$ sudo openssl x509 -in /etc/pki/rhui/product/content.crt -startdate -enddate -noout
notBefore=Feb 24 18:41:14 2021 GMT
notAfter=Feb 24 18:41:14 2023 GMT

Solution:
To go around this issue, you need to manually update the rhui-azure-rhel8 package using the commands below:

  1. Remove the existing rhui-azure-rhel8 package

[azureuser@test-rhel8-vm ~]$ sudo yum remove rhui-azure-rhel8
[…]

  1. Install the new rhui-azure-rhel8 package

[azureuser@test-rhel8-vm ~]$ sudo yum --config=https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel8.config install rhui-azure-rhel8
[…]

  1. Check the version of the new installed rhui-azure-rhel8 package

[azureuser@test-rhel8-vm ~]$ sudo rpm -qa | grep rhui
rhui-azure-rhel8-2.2-485.noarch

  1. Check the expiration date of the certificate in the new installed rhui-azure-rhel8 package

[azureuser@test-rhel8-vm ~]$ sudo openssl x509 -in /etc/pki/rhui/product/content.crt -startdate -enddate -noout
notBefore=Feb 14 06:54:17 2023 GMT
notAfter=Feb 13 06:54:17 2025 GMT

The new installed rhui-azure-rhel8-2.2-485.noarch package contains a new certificate that expires on February 13 2025, 06:54:17 GMT.

If you still face the same issue, please contact ProComputers Support as instructed in this article.