<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>After reading your repl<i>y </i>I tried sudo
update-ca-certificates, but wget still didn't work. I tried sudo
apt reinstall ca-certificates and it still doesn't work. Until I
get this fixed, I'll just ssh into my raspberry pi to get what I
want then copy it over to the ubunty box. Thanks for trying to
help. Is there anything else that might cause this to happen?<span
style="font-family:monospace"><br>
</span></p>
<div class="moz-cite-prefix">On 9/17/22 15:08, James Mcphee via
PLUG-discuss wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+scvgDyfEAhe9BPTr9S1vDuQH2f_9VcnjOJJpiao-RTh603QQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">wget, curl, etc are compiled with gnu_tls or
openssl or libressl, or whatever. usually when adding those
config options, you'll have some vars for distro-specific
settings. anyway. in ubuntu, ca-certificates is the pkg that
holds your normal trust stuff. update-ca-certificates is the
command you'd use to do the update. So, if you think you broke
your trust store, you could try update-ca-certificates, and if
that didn't work, a reinstall of ca-certificates. specifically,
what update-ca-certificates does is takes the list from
/etc/ca-certificates.conf from /etc/ssl/certs and updates
the various ca bundles like the java cacerts and the
ca-certificates.txt, and anything else if the distro decided to
use that in its TLS/SSL config.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Sep 17, 2022 at 11:46
AM Michael Butash via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
moz-do-not-send="true" class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Some quick searching as I don't often use wget, it
looks like it doesn't use local system certs, and has no
inherent trust to certs at all. If you search "wget ssl
certificates" like I just did, you see others posting how
to skip the check and trust anyways, and various
discussions wtf this is even a thing still. Weird
software caveat I'd say it doesn't just reference system
cert trusts, or just hasn't felt the need to be updated in
20 years because you know, security is meh.<br>
</div>
<div><br>
</div>
<div>-mb</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Sep 17, 2022 at
10:40 AM Jim via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>It's not just <a href="http://ww.gutenberg.org"
target="_blank" moz-do-not-send="true">ww.gutenberg.org</a>.
That's an example of what happens no matter what site
I try to use wget on. About the truststore, how do I
add to or update it? I decided to ask for help after
trying to install openwebrx following the instructions
here. <a
href="https://www.openwebrx.de/download/ubuntu.php"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.openwebrx.de/download/ubuntu.php</a>
Also I found out today that something similar happens
with youtube-dl. I tried to use it today and this is
what happened. Youtube-dl works if I use the
--no-check-certificate option. <br>
</p>
<p><span style="font-family:monospace"><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$
youtube-dl <a
href="https://www.youtube.com/watch?v=VW3XQDDGhA4"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.youtube.com/watch?v=VW3XQDDGhA4</a>
</span><br>
[youtube] VW3XQDDGhA4: Downloading webpage <br>
<span
style="color:rgb(178,104,24);background-color:rgb(255,255,255)">WARNING:</span><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download webpage: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate ver</span><br>
ify failed: unable to get local issuer certificate
(_ssl.c:1131)> <br>
[youtube] VW3XQDDGhA4: Downloading API JSON <br>
<span
style="color:rgb(178,24,24);background-color:rgb(255,255,255)">ERROR:</span><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download API page: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate veri</span><br>
fy failed: unable to get local issuer certificate
(_ssl.c:1131)> (caused by
URLError(SSLCertVerifica<br>
tionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local
issuer<br>
certificate (_ssl.c:1131)')))<br>
<br>
<br>
</span></p>
<p><br>
</p>
<div>On 9/16/22 17:33, James Mcphee via PLUG-discuss
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">check out the verification of the cert
chain. it works for me with a new build of 20.04,
so it might be that you need to add or update your
truststore.
<div>openssl s_client -connect <a
href="http://www.gutenberg.org:443"
target="_blank" moz-do-not-send="true">www.gutenberg.org:443</a>
< /dev/null | openssl x509 -text -noout<br>
</div>
<div><br>
</div>
<div>up there at the top, this is what it looks like
when it works</div>
<div>depth=2 C = US, ST = New Jersey, L = Jersey
City, O = The USERTRUST Network, CN = USERTrust
RSA Certification Authority<br>
verify return:1<br>
depth=1 C = US, ST = VA, L = Herndon, O = Network
Solutions L.L.C., CN = Network Solutions OV Server
CA 2<br>
verify return:1<br>
depth=0 C = US, ST = Utah, L = Salt Lake City, O =
Project Gutenberg Literary Archive Foundation, CN
= *.<a href="http://gutenberg.org" target="_blank"
moz-do-not-send="true">gutenberg.org</a><br>
verify return:1<br>
DONE<br>
</div>
<div><br>
</div>
<div>I can see that i have that usertrust network
cert in /etc/ssl/certs, so all is good. if i had
to add one i'd have then run update-ca-certicates.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Sep 16,
2022 at 2:17 PM Jim via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>This has been bugging me for a while, but
today it's annoying me to the point I want to
fix it. Wget gives me an error whenever I try
to use it. I have no problem getting files
using a web browser. Here's an example.
Using firefox I was able to download the file,
but this can be a pain in the butt when I'm
trying to add a repository. I have Ubuntu
20.04 installed.<br>
</p>
<p><br>
</p>
<p><span style="font-family:monospace"><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$
wget <a
href="https://www.gutenberg.org/ebooks/68992.epub.images"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.gutenberg.org/ebooks/68992.epub.images</a>
</span><br>
--2022-09-16 14:08:02-- <a
href="https://www.gutenberg.org/ebooks/68992.epub.images"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.gutenberg.org/ebooks/68992.epub.images</a>
<br>
Resolving <a
href="http://www.gutenberg.org"
target="_blank" moz-do-not-send="true">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org"
target="_blank" moz-do-not-send="true">www.gutenberg.org</a>)...
152.19.134.47,
2610:28:3090:3000:0:bad:cafe:47 <br>
Connecting to <a
href="http://www.gutenberg.org"
target="_blank" moz-do-not-send="true">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org"
target="_blank" moz-do-not-send="true">www.gutenberg.org</a>)|152.19.134.47|:443...
connected. <br>
ERROR: cannot verify <a
href="http://www.gutenberg.org's"
target="_blank" moz-do-not-send="true">www.gutenberg.org's</a>
certificate, issued by ‘CN=Network Solutions
OV Server CA 2<br>
,O=Network Solutions
L.L.C.,L=Herndon,ST=VA,C=US’: <br>
Self-signed certificate encountered. <br>
To connect to <a
href="http://www.gutenberg.org"
target="_blank" moz-do-not-send="true">www.gutenberg.org</a>
insecurely, use `--no-check-certificate'.<br>
<br>
Any idea how to fix this? thanks</span></p>
<p><span style="font-family:monospace"><br>
</span></p>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail
settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">James McPhee<br>
<a href="mailto:jmcphe@gmail.com" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">jmcphe@gmail.com</a></div>
<br>
<fieldset></fieldset>
<pre>---------------------------------------------------
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail
settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">James McPhee<br>
<a href="mailto:jmcphe@gmail.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">jmcphe@gmail.com</a></div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">---------------------------------------------------
PLUG-discuss mailing list: <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</body>
</html>