First of all, if you can, you really should upgrade, to either CentOS Stream if a rolling release works for you, or Alpine or Rocky Linux if you want the same sort of release cadence as CentOS historically had, and before anyone points out that there’s no direct upgrade path, I know, and that makes upgrading basically a reprovision exercise, but still in the longer term, you’ll be better off. This is a small note I found regarding the current CentOS 6 status:
CentOS 6 is *dead* and *shouldn't* be used anywhere at *all*
Also, if you’re considering the last non-rolling release of CentOS, CentOS 8, keep in mind that CentOS 8 has had the rug pulled from under it in terms of lifecycle and should have been supported until the end of 2029, but that was brought forward to the end of 2021, and so is also end of life.
For the purposes of what follows though, I’m assuming that you can’t upgrade easily for some reason and that’s why you’re here, stuck in the same hole I was.
So, you’ll see an error similar to the below when you run the usual yum update commands:
Setting up Upgrade Process
YumRepo Error: All mirror URLUniform Resource Identifiers are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try againThe fix here is fairly simple and it’s to use the CentOS vault repos, which are snapshots of older release trees.
So to fix the base repo, just copy the following into /etc/yum.repos.d/CentOS-Base.repo
[C6.10-base]
name=CentOS-6.10 - Base
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-updates]
name=CentOS-6.10 - Updates
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-extras]
name=CentOS-6.10 - Extras
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.10-contrib]
name=CentOS-6.10 - Contrib
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/contrib/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never
[C6.10-centosplus]
name=CentOS-6.10 - CentOSPlus
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=neverThen to fix the epel repo, this is the vault config to go into /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1If you prefer you can just curl the files down that contain the above config and overwrite the existing old configs:
curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/CentOS-Base.repo --output /etc/yum.repos.d/CentOS-Base.repo
curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/epel.repo --output /etc/yum.repos.d/epel.repo
Update – Dec 2021 – Someone posted in the comments to say they couldn’t download the configs using the commands I included in the article, and I realise this is due to the various https settings I employ on the website and older CentOS installs not being compatible with what I enforce, so I’ve added the same commands that are pulling from AWS S3 below to get around this.
AWS S3 hosted versions of the same files and the relevant commands are below:
curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo
curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/epel.repo –output /etc/yum.repos.d/epel.repoUpdate – Feb 2022 – I’ve had to amend the details here again as more and more http mirrors are moving to redirect to https, meaning that on a server with extremely old software packages, you won’t be able to connect as you’ll be pushed to https. Unfortunately this is just to happen more and more, and you really, really should migrate to something more modern, that’s still supported.
Update – April 2022 – I’ve updated the epel mirrors to use the Princeton University servers in the US, as someone in the comments pointed out that the epel mirrors were also not working now.
When i run:
sudo curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo
I get:
curl: (35) SSL connect error
Overwriting with the files manually does not work. Same error:
sudo yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Loading mirror speeds from cached hostfile
http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] problem making ssl connection
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: C6.10-base. Please verify its path and try again
Ah, I’m guessing what’s happened here is when I ran these I dumped the files out on another box and copied them in, then modified the commands to dump them straight to the right folders when I came to write this post, and I forgot that on CentOS 6 the more modern SSL config on my website would prevent SSL connections.
Try these two slightly modified locations, I’ve uploaded the same files to an AWS S3 bucket.
curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo
curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/epel.repo –output /etc/yum.repos.d/epel.repo
If they work ok for the curl commands I’ll update the post.
I think his problem is the old ca-certificate package is too old, he cant established a connection to vault.
Yeah, I’d guess in doing that from the afflicted CentOS box, the version of curl on there wouldn’t be able to establish a connection to the web server behind my site, I do get fairly strict with ciphers and certainly anything less than TLS 1.2 will fail, and I should have realised that older version of CentOS might not be able to connect. The S3 location should work though as it’s not https, or just download the file on another machine and copy and paste the contents using vi or whatever other test editor.
I can’t establish connection to vault as well, any solution to that?
I am getting the below error on doing “yum upgrade” after even updating the CentOS-Base.repo file
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: (28, ‘connect() timed out!’)
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: C6.10-base. Please verify its path and try again
Any help would be appreciated, thanks
The mirror I originally posted that previously did support http is now only redirecting to https by the looks of it. I’ve updated the repo files and details in the post to reflect one of the few mirrors that still support http.
You can see here the redirect for the vault site:
curl -IL http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xmlHTTP/1.1 301 Moved Permanently
Date: Fri, 18 Feb 2022 20:01:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Location: https://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 200 OK
Date: Fri, 18 Feb 2022 20:01:31 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 29 Jun 2018 15:37:44 GMT
ETag: "ea5-56fc9a1032200"
Accept-Ranges: bytes
Content-Length: 3749
Content-Type: text/xml
21 March 2022 Had issue with Cento 6.6 and SSL
updated files as per above . the .old the epel repo as that was giving ssl connectivity errors.
i then updated
1) yum clean all
2) yum update yum
3) yum update curl
4) yum update openssl
5) yum update nss
The rename epel back to epel.repo
and the yum update . all good
That was very useful to me, disabling epel and postgres repositories before upgrading yum openssl and nss put me in the condition to make yum work again and then installed the new repos for postgres.
Thank you again.
Francesco
Saved me a ton of work.
Thanks for putting this out there and someone cross posted this on centos forum as well.
I’m pleased it helped and thanks for the cross post
Thanks for this Mark!
Looks like the epel repos have gone away now…
Updated to use the Princeton university ones now
Very useful to me too. Updating OpenVPN to 2.4 release.
I would like to point out a mistake in the epel URL:
baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/x86_64/$basearch
Need to remove the “x86_64/” text.
Thank you
Good catch, updated that now
After looking for in google, i found your article…
Really you help me, i can install tcpdump and sngrep (for this before install, you should import the key from irontec and after yum install sngrep)..
Thanks a lot of…
sorry for my english…from MX thnks again!
I spend a whole day searching for an answer but no success.
Did and “redid” this tutorial but still getting:
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/centos-sclo-rh/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: centos-sclo-rh. Please verify its path and try again
I’m using Centos 6.10 and I’m trying to install fail2ban
What version of CentOS is this running, and is this still an Internet facing production server?
— EDIT —
After a lot of changes in those .repo files as I looked for the internet for solutions, now I get a new error that I don’t know how to solve 🙁
Setting up Install Process
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:02
epel | 4.7 kB 00:00
epel/primary_db | 6.1 MB 00:04
extras | 3.4 kB 00:00
extras/primary_db | 29 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 12 MB 00:05
http://mirror.globo.com/centos/6/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 – “Couldn’t resolve host ‘mirror.globo.com'”
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: upgrade. Please verify its path and try again
Hi! Do you have a similar solution for 5.5? We have some really old stuff running in our infrastructure and I am simply looking to buy some time to replace them with modern (not EOL).. Unfortunately, lots of coding required to do that. So thanks for the help!
I have change the two repo as suggested in blog after that i tried to run yum update, I am getting below error.
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
http://linuxsoft.cern.ch/centos-vault/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 7 – “couldn’t connect to host”
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: C6.10-base. Please verify its path and try again
[root@quickstart yum.repos.d]# sudo sed -i ‘s/https/http/g’ /etc/yum.repos.d/epel.repo
If you run
curl -IL http://linuxsoft.cern.ch, do you get a 200 response back like below?HTTP/1.1 200 OKDate: Sat, 13 Aug 2022 09:03:39 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Obtuve el siguiente resultado:
HTTP/1.1 403 Forbidden
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors ‘self’
Content-Length: 4754
Connection: Close
Update for 10/2022
Use HTTP mirrors linuxsoft.cern.ch then update.
After updating, you can use this set of:
[C6.10-base]
name=CentOS-6.X – Base
baseurl=https://archive.kernel.org/centos-vault/6.10/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
[C6.10-updates]
name=CentOS-6.X – Updates
baseurl=https://archive.kernel.org/centos-vault/6.10/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
[C6.10-extras]
name=CentOS-6.X – Extras
baseurl=https://archive.kernel.org/centos-vault/6.10/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
Good shout, thanks
Muito bom. Parabéns!
thanks So much, your article is really helpful!
Hi Mark
I get this error: http://archive.cloudera.com/cdh5/redhat/6/x86_64/cdh/5/repodata/repomd.xml: [Errno 14] problem making ssl connection
What am I missing?
It would appear they’ve added a HTTP to HTTPS redirect and then require a login for the HTTPS site
“curl -IL http://archive.cloudera.com/p/cdh5/redhat/6/x86_64/cdh/5/repodata/repomd.xml”
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://archive.cloudera.com/p/cdh5/redhat/6/x86_64/cdh/5/repodata/repomd.xml
Accept-Ranges: bytes
Date: Sat, 24 Dec 2022 17:59:56 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420102-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1671904797.882244,VS0,VE0
Content-Security-Policy: frame-ancestors ‘self’
HTTP/2 401
server: Varnish
retry-after: 0
content-type: text/html; charset=utf-8
www-authenticate: Basic realm=Secured
accept-ranges: bytes
date: Sat, 24 Dec 2022 17:59:56 GMT
via: 1.1 varnish
x-served-by: cache-lon4252-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1671904797.925054,VS0,VE0
content-security-policy: frame-ancestors ‘self’
content-length: 290
Found a working http link:
update the /etc/yum.repos.d/CentOS-Base.repo similar to the one below, I am using 6.6 update the version based on your need,
[c6.6-base]
name=CentOS-6.6 – Base
baseurl=http://mirror.nsc.liu.se/centos-store/6.6/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.6-updates]
name=CentOS-6.6 – Updates
baseurl=http://mirror.nsc.liu.se/centos-store/6.6/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.6-extras]
name=CentOS-6.6 – Extras
baseurl=http://mirror.nsc.liu.se/centos-store/6.6/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never
[C6.6-contrib]
name=CentOS-6.6 – Contrib
baseurl=http://mirror.nsc.liu.se/centos-store/6.6/contrib/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never
[C6.6-centosplus]
name=CentOS-6.6 – CentOSPlus
baseurl=http://mirror.nsc.liu.se/centos-store/6.6/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never
Thanks, this saved me on an old CentOS 6.7 box! The steps I took to get curl working with tlsv1.2:
Backup exiting config files and:
$ vi /etc/yum.repos.d/CentOS-Base.repo # copy paste your file
$ vi /etc/yum.repos.d/epel.repo # copy paste your file
$ yum –disablerepo=epel update ca-certificates
$ yum update openssl curl nss
$ curl # now works with tlsv1.2
Cheers!
Thank you very much!
I was able to update my curl version on my very old server 🙂
Just wanted to say thank you for this post. I’m trying to do data migration from some very old servers and only had a Centos 6 Live CD to work with.
I spent all night fighting these repo updates and yours was the only one that worked.
Thank you!!!!
This was the only CentOS 6 write up to get YUM working again that did, in fact, have working links. Thank you!
I’m just here to say … I love you dude my bro
Hello
I am getting the below error:
[root@Linux ~]# yum check-update
Loaded plugins: fastestmirror
Determining fastest mirrors
C6.6-extras | 3.4 kB 00:00
C6.6-extras/primary_db | 31 kB 00:00
C6.6-updates | 3.4 kB 00:00
C6.6-updates/primary_db | 4.4 MB 00:13
c6.6-base | 3.7 kB 00:00
c6.6-base/primary_db | 4.6 MB 00:11
epel | 4.7 kB 00:00
could not connect: Connection timed out 15% [=========- ] 164 kB/s | 953 kB 00:32 ETA
epel/primary_db | 6.1 MB 00:18
http://dev.centos.org/centos/6/upg/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 – “Couldn’t resolve host ‘dev.centos.org'”
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: upgrade. Please verify its path and try again
My CentOS release is :
[root@Linux ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
Any help would be appreciated, thanks
You could try https://buildlogs.centos.org/centos/6/upg/x86_64/repodata/repomd.xml
Thank you!!!