wget fails by a certificate problem
Solution 1
The thread: Problem with certificates helped me to solve the problem.
user mirabilos explain the commands to reinstall the ca-certificates
sudo apt-get install --reinstall ca-certificates sudo apt-get -f install sudo dpkg --purge --force-depends ca-certificates sudo apt-get -f install
Solution 2
You once compiled and installed openssl yourself and it still exists or maybe you removed that installation:
If the foldef /usr/local/ssl/
exists, check that the file /usr/local/ssl/cert.pem
exists, if not run:
sudo ln -s /etc/ssl/certs/ca-certificates.crt /usr/local/ssl/cert.pem
Solution 3
I have installed it. It worked for Ubuntu 16.4 LTS
sudo apt-get install ca-certificates
Related videos on Youtube
Sérgio
Updated on September 18, 2022Comments
-
Sérgio over 1 year
Same problem as wget interrupted by a certificate problem:
After
do-release-upgrade
from 16.04 to 18.01Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
wget https://changelogs.ubuntu.com/meta-release-lts
--2018-09-15 08:03:41-- https://changelogs.ubuntu.com/meta-release-lts Resolving changelogs.ubuntu.com (changelogs.ubuntu.com)... 91.189.95.15, 2001:67c:1560:8008::11 Connecting to changelogs.ubuntu.com (changelogs.ubuntu.com)|91.189.95.15|:443... connected. ERROR: cannot verify changelogs.ubuntu.com's certificate, issued by ‘CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US’: Unable to locally verify the issuer's authority. To connect to changelogs.ubuntu.com insecurely, use `--no-check-certificate'.
Also (as root):
# update-ca-certificates Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
# wget https://www.google.com/ --2018-09-16 16:54:31-- https://www.google.com/ Resolving www.google.com (www.google.com)... 216.58.201.164, 2a00:1450:4003:80a::2004 Connecting to www.google.com (www.google.com)|216.58.201.164|:443... connected. ERROR: cannot verify www.google.com's certificate, issued by ‘CN=Google Internet Authority G3,O=Google Trust Services,C=US’: Unable to locally verify the issuer's authority. To connect to www.google.com insecurely, use `--no-check-certificate'.
Update 2018-10-23:
openssl s_client -connect www.google.com:443 -debug
fails
openssl s_client -connect www.google.com:443 --debug --CApath /etc/ssl/certs/
works
wget https://www.google.com/ --ca-directory=/etc/ssl/certs/
works, so why is the default ca-directory not
/etc/ssl/certs/
? and do I set it?New Update and solved:
strace -e openat wget https://your-url
I saw that it was using
/usr/local/lib/libssl.so.1.1
, so I found one openssl installed on/usr/local
, and after deleting it, the problem was fixed.Thanks
-
Thomas over 5 yearsAny special configuration involved in
/etc/wgetrc
or${HOME}/.wgetrc
? Also try to reinstallwget
withsudo apt-get install --reinstall wget
. -
Sérgio over 5 yearsNo , ${HOME}/.wgetrc does not exit and /etc/wgetrc is unchanged , reinstall wget didn't solve the issue
-
Ben over 5 yearsAre there actually any certificates in
/etc/ssl/certs/ca-certificates.crt
? -
Sérgio over 5 yearsll -h /etc/ssl/certs/ca-certificates.crt -rw-r--r-- 1 root root 203K set 17 02:46 /etc/ssl/certs/ca-certificates.crt
-
sudo over 2 years
openssl version -a
is a good command for situations like this, you can see if OPENSSLDIR is set incorrectly (which is probably was for your dud copy in /usr/local/lib)
-
-
Sérgio about 3 yearsI saw that it was using /usr/local/lib/libssl.so.1.1, so I found one openssl installed on /usr/local, and after deleting it, the problem was fixed.
-
Winfried about 3 yearsNormally, I never type 'thank you' comments. But I've been searching for 5 days for the solution on how a manual installed
openssl
which was then removed and restored back to an 'apt'-installedopenssl
can be used. I kept getting certificate invalid errors. This helped me a lot: Thank you!