Thursday, April 7, 2022

[SOLVED] ntp port was blocked, how to sync time

April 07, 2022 debian, linux, ntp

Issue

Description

I am currently learning related knowledge in my study. When I use Debian operating system on my Raspberry PI, I find that the system time is not synchronized with the real time.

Errors

The error message is as follows.

 Certificate verification failed: The certificate is NOT trusted. The certificate chain uses not yet valid certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]
Reading package lists... Done
W: Failed to fetch https://mirrors.tuna.tsinghua.edu.cn/debian/dists/buster/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses not yet valid certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]

NTP has been configured (maybe I didn't? But I have carefully configured it according to the documentation, if possible, you can briefly describe the configuration process.) after many times, I still can't figure out the problem.

ntp.conf files

My ntp.conf as follows:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
server ntp.aliyun.com iburst minpoll 4 maxpoll 10

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst


# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery
restrict ntp.aliyun.com nomodify notrap nopeer noquery
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
root@rpi4-20210823:~#

somethings about my ntp

root@rpi4-20210823:~# date
Wed Jul 14 03:05:09 CST 2021
root@rpi4-20210823:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 203.107.6.88    .INIT.          16 u    - 1024    0    0.000    0.000   0.000

My OS as follows

root@rpi4-20210823:~# cat /etc/issue
Debian GNU/Linux 11 \n \l

root@rpi4-20210823:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

root@rpi4-20210823:~# hostnamectl
   Static hostname: rpi4-20210823
         Icon name: computer
  Operating System: Debian GNU/Linux 11 (bullseye)
            Kernel: Linux 5.10.0-8-arm64
      Architecture: arm64

I really want to know how to solve this problem, Thanks very much:) If you have any questions, please leave a message and communicate with us.

Solution

The error message you posted seems to be unrelated to your issue, as it looks like an apt-get error. Where have you extracted it from?

That being said, are you able to manually sync time with ntpdate? You can try doing something like this:

# apt install ntpdate
# ntpdate -v ntp.on.br

This will show clearly if you have some network problem/restriction preventing you to reach your NTP servers.

Answered By - Emerson Gomes

Answer Checked By - David Marino (WPSolving Volunteer)

This Answer collected from stackoverflow and tested by PythonFixing community admins, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0