Cannot Retrieve Metalink for Repository: EPEL
When
using yum to install or update software packages through “yum install”
or “yum update” commands, the following stop error occurred:
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
The error is related to inability to connect to external services via
HTTPS (443) connection (EPEL repo uses
HTTPS
connection by default). There are many reasons that can cause this
error, thus to resolve the issue, troubleshooting and understanding the
underlying issue is important. Here’s several possible solutions for the
error above.
One possible possibility is that the CA certificates installed on the
system has became outdated, and hence cannot connect directly due to
unverifiable certificate errors when getting the updated metalink file
for EPEL via
HTTPS. In this scenario, update the CA certificates package with the following command:
yum --disablerepo=epel -y update ca-certificates
Note that you may also need to disable all repos that uses
HTTPS protocol and are failing.
If the CA certifications are already latest with no update available,
or if you absolutely cannot get through the cannot retrieve the repo
path error, it’s possible to force the repository to use HTTP instead of
HTTPS. However, do note that this may also indicate that your system is having other problems which you need to find out.
To do so, edit the repository configuration file in
/etc/yum.repos.d/, e.g.
vi /etc/yum.repos.d/epel.repo, and then comment out the entries that are starting with
mirrorlist=, and then uncomment the entries that are starting with
baseurl=. For example,
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Tip
You only need to change for the repos that are enabled, i.e. have enabled=1.
An alternative is to change the URL for the mirrorlist to HTTP, from HTTPS. You can do so easily with the following command:
sudo sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo
Or, edit manually
/etc/yum.repos.d/epel.repo, the change the line from:
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
To:
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
It’s also possible to disable the SSL certificate check by adding
following line into appreciate EPEL section of
/etc/yum.repos.d/epel.repo:
sslverify=false
For example,
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
sslverify=false
Last but not least, as mentioned above, normally the HTTPS secure
connection to retrieve repositories’ databases should work. It it
doesn’t, it may hint at a larger problem. The error can also be caused
by
broken or corrupted packages, or failing yum and rpm functions, such as in the
case
of mismatched nss-softokn versions. Thus, if issue persisted after
updating CA certificates, do check around for possible other issues.
