#2296 closed defect (fixed)
download.osgeo.org certificate not recognized by curl / wget
| Reported by: | rouault | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description
Since a few hours ago (April 28 2019), I get errors from curl and wget when downloading from https://download.osgeo.org. This is on Ubuntu 16.04 (and also true from Travis-CI workers)
$ curl https://download.osgeo.org/proj/proj-6.0.0RC4.tar.gz curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
$ wget https://download.osgeo.org/proj/proj-6.0.0RC4.tar.gz --2019-04-28 12:25:26-- https://download.osgeo.org/proj/proj-6.0.0RC4.tar.gz Resolving download.osgeo.org (download.osgeo.org)... 140.211.15.132 Connecting to download.osgeo.org (download.osgeo.org)|140.211.15.132|:443... connected. ERROR: cannot verify download.osgeo.org's certificate, issued by 'CN=Let\'s Encrypt Authority X3,O=Let\'s Encrypt,C=US': Unable to locally verify the issuer's authority. To connect to download.osgeo.org insecurely, use `--no-check-certificate'.
In Firefox 66, this works
Change History (3)
comment:1 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
follow-up: 3 comment:2 by , 5 years ago
comment:3 by , 5 years ago
Replying to robe:
This might be baecause I switched it it a letsencrypt wildcard cert. Before it used to be SSLs.com cert which is going to expire very soon.
SSLCertificateChainFile was just not pointing at chain.pem
Note:
See TracTickets
for help on using tickets.
This might be baecause I switched it it a letsencrypt wildcard cert. Before it used to be SSLs.com cert which is going to expire very soon.
Let me see if it works better with a single cert. I'll try in a minute