I run WSL (Ubuntu 22.04.3 LTS) and want to use add-apt-repository, but we have TLS interception in place.
Error message:
Traceback (most recent call last):
  File "/usr/bin/add-apt-repository", line 364, in <module>
    sys.exit(0 if addaptrepo.main() else 1)
  File "/usr/bin/add-apt-repository", line 347, in main
    shortcut = handler(source, **shortcut_params)
  File "/usr/lib/python3/dist-packages/softwareproperties/shortcuts.py", line 40, in shortcut_handler
    return handler(shortcut, **kwargs)
  File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 82, in __init__
    if self.lpppa.publish_debug_symbols:
  File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 120, in lpppa
    self._lpppa = self.lpteam.getPPAByName(name=self.ppaname)
  File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 107, in lpteam
    self._lpteam = self.lp.people(self.teamname)
  File "/usr/lib/python3/dist-packages/softwareproperties/ppa.py", line 98, in lp
    self._lp = login_func("%s.%s" % (self.__module__, self.__class__.__name__),
  File "/usr/lib/python3/dist-packages/launchpadlib/launchpad.py", line 494, in login_anonymously
    return cls(
  File "/usr/lib/python3/dist-packages/launchpadlib/launchpad.py", line 230, in __init__
    super(Launchpad, self).__init__(
  File "/usr/lib/python3/dist-packages/lazr/restfulclient/resource.py", line 472, in __init__
    self._wadl = self._browser.get_wadl_application(self._root_uri)
  File "/usr/lib/python3/dist-packages/lazr/restfulclient/_browser.py", line 447, in get_wadl_application
    response, content = self._request(url, media_type=wadl_type)
  File "/usr/lib/python3/dist-packages/lazr/restfulclient/_browser.py", line 389, in _request
    response, content = self._request_and_retry(
  File "/usr/lib/python3/dist-packages/lazr/restfulclient/_browser.py", line 359, in _request_and_retry
    response, content = self._connection.request(
  File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1725, in request
    (response, content) = self._request(
  File "/usr/lib/python3/dist-packages/launchpadlib/launchpad.py", line 144, in _request
    response, content = super(LaunchpadOAuthAwareHttp, self)._request(
  File "/usr/lib/python3/dist-packages/lazr/restfulclient/_browser.py", line 184, in _request
    return super(RestfulHttp, self)._request(
  File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1441, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1363, in _conn_request
    conn.connect()
  File "/usr/lib/python3/dist-packages/httplib2/__init__.py", line 1155, in connect
    self.sock = self._context.wrap_socket(sock, server_hostname=self.host)
  File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1100, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1371, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1007)
What I already tried:
Add certificates to the system store
I downloaded the complete chain of the certificates and added the certificates below /usr/share/ca-certificates/. After that, I edited /etc/ca-certificates.conf and added the lines:
cert1.crt
cert2.crt
cert3.crt
(Yes, there is a root certificate, an intermediate, and another intermediate, so if I call a website via browser my cert chain would be: root -> intermediate1 -> intermediate2 -> leaf.) After that I ran sudo update-ca-certificates and 3 certificates got added.
Because I read it sometimes, I also ran sudo dpkg-reconfigure ca-certificates to verify that these new certificates are selected.
If I run add-apt-repository again -> same error.
HTTPLIB2_CA_CERTS
Because the error message shows that httplib2 is involved, I found that there is an environment variable HTTPLIB2_CA_CERTS that can be used. Reference: How to update cacerts.txt of httplib2 for Github?
I tried this method and set the variable to the location of all these certificates -> same error message.
/etc/ssl/certs
I also tried to put the certs directly in the folder /etc/ssl/certs and ran sudo update-ca-certificates -> also not working.
REQUESTS_CA_BUNDLE
Another thing I tried is to use the REQUESTS_CA_BUNDLE, but that also leads to an error. Other tools use the REQUESTS_CA_BUNDLE and it works fine, so I guess there is no issue with setting the variable correctly.
Can someone help me to solve the issue and get it running? (I know there are workarounds to add the repository the old fashioned way and with http:// - but I want to use add-apt-repository)