Bug 2086194

Summary: Error while updating the system
Product: [Fedora] Fedora Reporter: BigmenPixel <bigmen.pixel>
Component: distributionAssignee: Aoife Moloney <amoloney>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 35CC: daniel.mach, jmracek, jrohel, kevin, mblaha, mhatina, packaging-team-maint, pkratoch, rpm-software-management, vmukhame
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-20 00:07:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description BigmenPixel 2022-05-14 15:57:53 UTC 
Description of problem:
```
$ sudo dnf update
Fedora 35 - x86_64                                      0.0  B/s |   0  B     00:03    
Errors during downloading metadata for repository 'fedora':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.fedoraproject.org/metalink?repo=fedora-35&arch=x86_64 [SSL certificate problem: CA certificate key too weak]
Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.fedoraproject.org/metalink?repo=fedora-35&arch=x86_64 [SSL certificate problem: CA certificate key too weak]
```

Version-Release number of selected component (if applicable):
4.11.1-3.fc35

How reproducible:
Update the system.

Steps to Reproduce:
1. Enter `sudo dnf update`

Actual results:
Error.

Expected results:
Update system w/o errors.

Additional info:
Comment 1 Jaroslav Mracek 2022-05-17 08:09:36 UTC 
I am really sorry but this type of issues are not related to DNF. It directly says `[SSL certificate problem: CA certificate key too weak]` and it is good idea that DNF (curl) rejected to use such a connection. According to issue description I believe that the issue is in infrastructure therefore changing component to `distribution`.
Comment 2 Kevin Fenzi 2022-05-20 00:07:38 UTC 
I assume you set your crypto policy to 'FUTURE' ?

*** This bug has been marked as a duplicate of bug 1832292 ***