Nothing provides libcrypto.so.3

jaknaus · November 14, 2025, 12:01pm

When running dnf upgrade on my Almalinux9 server I get this error:

Last metadata expiration check: 2:36:23 ago on Fri Nov 14 09:44:02 2025.
Error: 
 Problem 1: cannot install the best update candidate for package postgresql17-contrib-17.6-1PGDG.rhel9.x86_64
  - nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit) needed by postgresql17-contrib-17.7-1PGDG.rhel9.x86_64 from pgdg17
 Problem 2: problem with installed package postgresql17-contrib-17.6-1PGDG.rhel9.x86_64
  - package postgresql17-contrib-17.6-1PGDG.rhel9.x86_64 from @System requires postgresql17(x86-64) = 17.6-1PGDG.rhel9, but none of the providers can be installed
  - package postgresql17-contrib-17.6-1PGDG.rhel9.x86_64 from pgdg17 requires postgresql17(x86-64) = 17.6-1PGDG.rhel9, but none of the providers can be installed
  - cannot install both postgresql17-17.7-1PGDG.rhel9.x86_64 from pgdg17 and postgresql17-17.6-1PGDG.rhel9.x86_64 from @System
  - cannot install both postgresql17-17.7-1PGDG.rhel9.x86_64 from pgdg17 and postgresql17-17.6-1PGDG.rhel9.x86_64 from pgdg17
  - cannot install the best update candidate for package postgresql17-17.6-1PGDG.rhel9.x86_64
  - nothing provides libcrypto.so.3(OPENSSL_3.4.0)(64bit) needed by postgresql17-contrib-17.7-1PGDG.rhel9.x86_64 from pgdg17
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

I have installed postgres 17 from the official postgres repo:

pgdg-common                              PostgreSQL common RPMs for RHEL / Rocky / AlmaLinux 9 - x86_64
pgdg17                                   PostgreSQL 17 for RHEL / Rocky / AlmaLinux 9 - x86_64

How can I fix this?

redadmin · November 14, 2025, 12:38pm

Hello

jaknaus

dnf is asking for libcrypto.so.3(OPENSSL_3.4.0)(64bit), but AlmaLinux 9’s openssl-libs only provides symbols up to OPENSSL_3.2.0. That’s why you’re getting the error.

[redadmin@alma9 ~]$ rpm -q --provides openssl-libs
config(openssl-libs) = 1:3.2.2-6.el9_5.1
libcrypto.so.3()(64bit)
libcrypto.so.3(OPENSSL_3.0.0)(64bit)
libcrypto.so.3(OPENSSL_3.0.1)(64bit)
libcrypto.so.3(OPENSSL_3.0.3)(64bit)
libcrypto.so.3(OPENSSL_3.0.8)(64bit)
libcrypto.so.3(OPENSSL_3.0.9) (64bit)
libcrypto.so.3(OPENSSL_3.1.0)(64bit)
libcrypto.so.3(OPENSSL_3.2.0)(64bit)
libssl.so.3()(64bit)
libssl.so.3(OPENSSL_3.0.0) (64bit)
libssl.so.3(OPENSSL_3.2.0)(64bit)
openssl-libs = 1:3.2.2-6.el9_5.1
openssl-libs(x86-64) = 1:3.2.2-6.el9_5.1
config(openssl-libs) = 1:3.2.2-6.el9_5.1
libcrypto.so.3
libcrypto.so.3(OPENSSL_3.0.0)
libcrypto.so.3(OPENSSL_3.0.1)
libcrypto.so.3(OPENSSL_3.0.3)
libcrypto.so.3(OPENSSL_3.0.8)
libcrypto.so.3(OPENSSL_3.0.9)
libcrypto.so.3(OPENSSL_3.1.0)
libcrypto.so.3(OPENSSL_3.2.0)
libssl.so.3
libssl.so.3(OPENSSL_3.0.0)
libssl.so.3(OPENSSL_3.2.0)
openssl-libs = 1:3.2.2-6.el9_5.1
openssl-libs(x86-32) = 1:3.2.2-6.el9_5.1

I believe keeping PostgreSQL 17.6 as-is is the best approach.

thank you

jlehtone · November 14, 2025, 4:36pm

You wait for AlmaLinux 9.7.

Red Hat has released RHEL 9.7. It has updates to its libraries.
PostgreSQL has already built and released packages that require libraries that el9_7 has.
AlmaLinux project has not released AlmaLinux 9.7 yet.

This same issue with third-party repos occurs at every point update of el9.

Example of timeline:

RHEL and Alma have version 9.6 and third-party repos have packages A, B, and C
RHEL 9.7 is released
A and B fail with 9.7, because they require libs of 9.6 – if RHEL user needs them, then they cannot upgrade to 9.7 yet
Third-party rebuilds A’ for 9.7
A’ works on RHEL 9.7 and fails on Alma 9.6 – if Alma user needs A, then they cannot upgrade to A’
Alma 9.7 is released – A’ works, B fails on it
Third-party rebuilds B’ for 9.7 – works in both RHEL and Alma

(The C continued to work on all versions, because it had no strict dependency.)

sej7278 · November 15, 2025, 9:15pm

I have installed postgres 17 from the official postgres repo:

so don’t do that.

jlehtone · November 15, 2025, 9:59pm

To be fair, Alma 9 offers only versions of 13, 15, and 16 of PostgreSQL. If there are solid reasons to use something that the distro does not provide nor support, then that is what one must do. However, then the “support” is up to user. Is that said explicitly anywhere? Probably not.

sej7278 · November 20, 2025, 8:45pm

if you’re getting packages from the upstream vendor, you should pay for support from the upstream vendor too.

jaknaus · November 21, 2025, 7:55am

Thanks for clarification. As meanwhile AlmaLinux 9.7 is released I consider this as solved.