New server, CMM fail to install

Been fighting an error while testing out CMM and preparing a new server to switch over and wanted to document here for others

Vanilla Alma 9 install with no changes, just disable selinux and run installer (8.3)

---

Installer fails after a few seconds with error message on crb repo which i will list below
The installer goes far enough that it cannot be rerun and requires the server to be reimaged to start again so thought it would be good to list the details here for others, not sure if my solution is correct or if theres a better way to do it ?

I have already wiped the server so i only have my brief notes but it seems that dnf update initially runs fine but when running the installer or subsequent dnf update i get this error

Code:

Error: Failed to download metadata for repo 'crb': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Code:

AlmaLinux 9 - CRB                               0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'crb':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirror.eu.oneandone.net/linux/distributions/almalinux/9/CRB/x86_64/os/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
Error: Failed to download metadata for repo 'crb': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Any subsequent commands produce the same error message

To get around the issue i went to /etc/yum.repo.d and edited the .repo file to remove the # on line 2

Code:

[crb]
name=AlmaLinux $releasever - CRB
# mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/crb
baseurl=https://mirror.eu.oneandone.net/linux/distributions/almalinux/$releasever/CRB/$basearch/os/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
metadata_expire=86400
enabled_metadata=0

[crb-debug]
name=AlmaLinux $releasever - CRB - Debug
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/crb-debug
# baseurl=https://repo.almalinux.org/vault/$releasever/CRB/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
metadata_expire=86400
enabled_metadata=0

[crb-source]
name=AlmaLinux $releasever - CRB - Source
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/crb-source
# baseurl=https://repo.almalinux.org/vault/$releasever/CRB/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
metadata_expire=86400
enabled_metadata=0

Rerun with the above edit and everything seems to run ok

 

1&1/ionos are the host and mirror so you think they would get it right

The strange thing is it was working fine, i have been playing with centmin and reinstalled the server several times over the last couple months but this error only came about recently (last 7 days ish) and typically it was as i was doing the final install and prep for new production server to go live

Is it normal to #comment out a mirror list, seems like they hid the backup/failsafe ?