🟑 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: RHEL 10.0 RHEL 10.1

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

DNF metadata refresh intermittently fails behind a corporate proxy on RHEL 10, causing delayed patching and failed automation jobs.

Environment & Reproduction

Issue appears on managed hosts using authenticated outbound proxies and mirrored repositories.

cat /etc/dnf/dnf.conf
cat /etc/yum.repos.d/*.repo | sed -n '1,120p'
dnf makecache -v

Root Cause Analysis

Proxy settings are inconsistent between global DNF config and repo-level overrides, and TLS interception can invalidate mirror certificates.

Quick Triage

Confirm package, network, and policy state before deeper changes.

dnf repolist -v
systemctl status NetworkManager
firewall-cmd --state
getenforce
journalctl -u NetworkManager -n 50 --no-pager

Step-by-Step Diagnosis

Validate proxy connectivity, certificate chain, and DNF debug output to isolate failing endpoint.

curl -Iv https://cdn.redhat.com
grep -R "^proxy" /etc/dnf /etc/yum.repos.d -n
dnf -v makecache 2>&1 | tail -n 120
journalctl -n 100 --no-pager
Illustrative mockup for rhel-10 β€” terminal_dnf_proxy_diagnostics
DNF and proxy diagnostics on RHEL 10 β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Normalize proxy definitions and trust store, then rebuild metadata cache.

Still having issues? Our Managed IT Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo dnf config-manager --setopt=proxy=http://proxy.example:3128 --save
sudo update-ca-trust
sudo dnf clean all
sudo dnf makecache
sudo systemctl restart NetworkManager
sudo firewall-cmd --reload
Illustrative mockup for rhel-10 β€” dnf_proxy_fix_results
Proxy-aware repo fix and successful metadata refresh β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Use per-repo proxy directives or internal mirror bypass for critical repos.

sudo dnf config-manager --setopt='rhel-10-baseos.proxy=_none_' --save
sudo dnf config-manager --setopt='rhel-10-appstream.proxy=_none_' --save

Verification & Acceptance Criteria

Metadata sync and package queries must complete without timeout or certificate errors.

dnf makecache
dnf check-update
journalctl -u dnf* -n 40 --no-pager

Rollback Plan

Revert edited DNF settings and restore previous repo files from backup.

cp /root/backup/dnf.conf /etc/dnf/dnf.conf
cp /root/backup/*.repo /etc/yum.repos.d/
dnf clean all

Prevention & Hardening

Standardize proxy policy in configuration management and monitor cache update failures.

Automate patch management and compliance across your fleet with our DevOps services.

dnf -q repolist
semanage boolean -l | grep -i proxy

See also SSL verification failures, mirrorlist DNS issues, and subscription entitlement sync errors.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Red Hat DNF documentation, Red Hat subscription content access, and enterprise proxy TLS inspection guidance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.