Access Denied for the grafana gpg key

msodan · June 26, 2023, 2:55pm

Hi guys,

i have a problem:

# curl -v https://apt.grafana.com/gpg.key
*   Trying 151.101.2.217:443...
* Connected to apt.grafana.com (151.101.2.217) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=rpm.grafana.com
*  start date: May  1 09:18:27 2023 GMT
*  expire date: Jul 30 09:18:26 2023 GMT
*  subjectAltName: host "apt.grafana.com" matched cert's "apt.grafana.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55a188b582c0)
> GET /gpg.key HTTP/2
> Host: apt.grafana.com
> user-agent: curl/7.74.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403 
< server: Varnish
< retry-after: 0
< content-type: text/plain
< accept-ranges: bytes
< date: Mon, 26 Jun 2023 14:53:46 GMT
< via: 1.1 varnish
< x-served-by: cache-fra-eddf8230082-FRA
< x-cache: MISS
< x-cache-hits: 0
< x-timer: S1687791226.149375,VS0,VE0
< content-length: 38
< 
* Connection #0 to host apt.grafana.com left intact
Sorry, the provided token is not valid

Get permission denied…
Debian 11

What can be wrong here ?

BR,
Michael

usman.ahmad · July 13, 2023, 11:24am

Hi Michael,

Please see this post as it seems you might have the same issue:

msodan · July 14, 2023, 8:14am

Hi Usman,

i dont have the same issue. It seems that my IP is blocked from grafana side. As you can see a simple curl or wget is not working. So it is not possible for me to download the new key.

BR,
Michael

usman.ahmad · July 14, 2023, 8:57am

What is your Geo location?

msodan · July 14, 2023, 9:12am

“ip”:“194.36.146.27”
“city”: “Karlsruhe”,
“region”: “Baden-Wurttemberg”,
“country”: “DE”,
“loc”: “49.0111,8.3601”,
“org”: “AS197540 netcup GmbH”,
“postal”: “76185”,

usman.ahmad · July 14, 2023, 2:12pm

So, I get the same message as you.

If I go at the link, get this message

Sorry, the requested url was not found

It’s not about the IP being blocked.

Please read the instructions at https://apt.grafana.com/

Also, I am not sure but my feeling is that you simply want to install Grafana on a Debian.

For that you simply follow our installation guide:

OR more easier:

Let us know if this helps.

msodan · July 16, 2023, 7:52am

Good Morning Usaman,

i am sorry but grafana was long running on our Server. Did regualary updates etc…

I get:

monitoring ~ # mkdir -p /etc/apt/keyrings/
monitoring ~ # wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor > /etc/apt/keyrings/grafana.gpg
gpg: no valid OpenPGP data found.
monitoring ~ # wget -v -O - https://apt.grafana.com/gpg.key
--2023-07-16 07:50:59--  https://apt.grafana.com/gpg.key
Resolving apt.grafana.com (apt.grafana.com)... 151.101.2.217, 151.101.66.217, 151.101.130.217, ...
Connecting to apt.grafana.com (apt.grafana.com)|151.101.2.217|:443... connected.
HTTP request sent, awaiting response... 403 Access Denied
2023-07-16 07:50:59 ERROR 403: Access Denied.

It is a simple 403. Access Denied. On other Hosts it is working. The Issue is only related to this Server…

Whats the problem here ?

msodan · July 17, 2023, 2:22pm

monitoring ~ # wget https://dl.grafana.com/oss/release/grafana_10.0.2_amd64.deb
--2023-07-17 14:22:02--  https://dl.grafana.com/oss/release/grafana_10.0.2_amd64.deb
Resolving dl.grafana.com (dl.grafana.com)... 199.232.194.217, 199.232.198.217, 2a04:4e42:4c::729, ...
Connecting to dl.grafana.com (dl.grafana.com)|199.232.194.217|:443... connected.
HTTP request sent, awaiting response... 451 geofence:blocked
2023-07-17 14:22:02 ERROR 451: geofence:blocked.

usman.ahmad · July 18, 2023, 8:43am

Just curious to know if you are using Grafana OSS or a Enterprise version?

msodan · July 18, 2023, 8:58am

OSS Version. Dont understand why the IP or a Range is blocked…

asamets · October 20, 2023, 6:11am

The same is here

~]# curl https://rpm.grafana.com/repodata/repomd.xml
Sorry, the provided token is not valid

 ~]# host rpm.grafana.com
rpm.grafana.com is an alias for dualstack.e.sni.global.fastly.net.
dualstack.e.sni.global.fastly.net has address 146.75.34.217
dualstack.e.sni.global.fastly.net has IPv6 address 2a04:4e42:78::729

It’s from US. Any suggestions?