I have installed NixOS on WSL behind Appgate, that runs a proxy and replaces the SSL certificates of the sites, I am visiting.
When I try to execute: sudo nix-channel --update I get the SSL errors, as I don’t have imported the root CA certificate of the Proxy.
I have tried to manually download the file and import its path to the configuration.nix but it still fails and shows me the same SSL error.
You should be able to rebuild offline if the minimal change set is self contained enough, as in purely local. Did you update any other inputs? I guess you could be missing some kind of extra TLS or CA store dependency for adding custom CAs, but that doesn’t seem likely for regular NixOS install. I use flakes instead of channels, so I wouldn’t know what else may be blocked you. A stdout log may showcase your error more clearly.
I think you may need a successful switch to actually apply the addition of the proxy CA to your root CA store before attempting any other changes that could require reaching out across the network. At least that was the order of operations I had to follow to remove an offline remote cache before attempting any package updates.
The problem is that I cannot successfully rebuild because of the SSL certificate errors. Is there any way to bypass the SSL verification?
@filister I dont know your usecase, but it sounds like you could try to replace the certificates by hand, and thus get a successful switch to your then hopefully working config.
How can this be done, any link?
