Affected versions: RHEL 10

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

DNF operations time out with Curl error 28 when reaching repository metadata through a proxy. Patch cycles stall, compliance drifts, and security errata remain unapplied until repository access is restored.

Environment & Reproduction

Common in restricted enterprise networks where proxy settings differ between shell, dnf.conf, and systemd environments.

dnf clean all
dnf -v makecache
env | grep -i proxy
grep -R "^proxy=" /etc/dnf /etc/yum.repos.d

Root Cause Analysis

Mismatched proxy values, TLS inspection cert trust gaps, or firewall egress restrictions cause metadata retrieval to fail before repodata can be refreshed.

Quick Triage

Validate network, DNS, and repo reachability quickly.

journalctl -u NetworkManager -n 50 --no-pager
resolvectl status || cat /etc/resolv.conf
curl -I https://cdn.redhat.com --max-time 15

Step-by-Step Diagnosis

Check effective dnf and certificate configuration, then verify proxy path.

dnf repolist -v
update-ca-trust check
openssl s_client -connect cdn.redhat.com:443 -brief </dev/null
firewall-cmd --list-all

Solution – Primary Fix

Set consistent proxy values, trust corporate CA if used, and rebuild cache.

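sudo tee -a /etc/dnf/dnf.conf >/dev/null <<'EOF'
proxy=http://proxy.example.com:8080
EOF
# If the proxy inspects TLS, place its CA certificate in the trust anchors first
# (corp-ca.pem is a placeholder file name):
# sudo cp corp-ca.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
sudo dnf clean all
sudo dnf makecache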

Solution – Alternative Approaches

Use repo-specific proxy exclusions or direct mirror access for internal repositories.

sudo sed -i '/^proxy=/d' /etc/yum.repos.d/*.repo
sudo tee -a /etc/yum.repos.d/internal.repo >/dev/null <<'EOF'
proxy=_none_
EOF

Verification & Acceptance Criteria

Metadata refresh succeeds and update transactions can resolve dependencies.

dnf makecache
dnf check-update || true
dnf repolist

Rollback Plan

Revert dnf proxy edits and certificate changes if connectivity worsens.

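# Keep a copy of the current configuration before removing the proxy lines
sudo cp /etc/dnf/dnf.conf /etc/dnf/dnf.conf.rollback
sudo sed -i '/^proxy=/d' /etc/dnf/dnf.conf
sudo dnf clean all
# If a corporate CA was added under /etc/pki/ca-trust/source/anchors/, remove that file, then:
# sudo update-ca-trust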

Prevention & Hardening

Standardize repository and proxy configuration through automation and health checks.

systemctl enable --now dnf-makecache.timer
dnf config-manager --save --setopt=fastestmirror=True
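
One possible health check for the mismatch described above, as an added example that is not part of the original article: a POSIX shell script that lists each proxy= value in the files passed to it plus the proxy variables in the current environment, and fails when more than one distinct proxy URL is in use. The function names and the script name proxy-audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): list every proxy setting DNF can
# inherit and fail when the sources disagree. Function names are hypothetical.

# list_proxies FILE... -> "file<TAB>[section]<TAB>value" per proxy= line
list_proxies() {
    awk '
        FNR == 1 { section = "(no section)" }
        /^\[/    { section = $0; next }           # track the current INI section
        /^[ \t]*proxy[ \t]*=/ {                    # skips proxy_username= and comments
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)          # drop key and "="
            sub(/[ \t]+$/, "", val)                # drop trailing whitespace
            printf "%s\t%s\t%s\n", FILENAME, section, val
        }' "$@"
}

# env_proxies -> same format for proxy variables in the calling environment
env_proxies() {
    env | awk -F= 'tolower($1) ~ /^(http|https|all)_proxy$/ {
        val = $0; sub(/^[^=]*=/, "", val)
        printf "env\t%s\t%s\n", $1, val }'
}

# proxies_consistent FILE... -> exit 0 when at most one distinct proxy URL is
# in use; empty and _none_ values (per-repo opt-outs) are not counted.
proxies_consistent() {
    { list_proxies "$@"; env_proxies; } |
        awk -F'\t' '{ sub(/\/$/, "", $3) }         # ignore a trailing slash
                    $3 != "" && $3 != "_none_" { print $3 }' |
        sort -u | awk 'END { exit (NR > 1) }'
}

# Run as: sh proxy-audit.sh /etc/dnf/dnf.conf /etc/yum.repos.d/*.repo
if [ "$#" -gt 0 ]; then
    { list_proxies "$@"; env_proxies; }
    proxies_consistent "$@" || { echo "proxy values disagree" >&2; exit 1; }
fi
```

Run it from the same context that runs DNF, since the environment of a systemd unit can differ from an interactive shell.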

Related Errors & Cross-Refs

Often co-occurs with SSL certificate verify failures, subscription access issues, or DNS timeouts on bastion hosts.

References & Further Reading

Red Hat documentation for DNF configuration, subscription content access, and enterprise proxy guidance.
