<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>It's fixed now. After a few minutes looking, I found someone
who had the same problem and fixed it by putting
ca_directory=/etc/ssl/certs in /etc/wgetrc<br>
</p>
<pre><code>
</code></pre>
<div class="moz-cite-prefix">On 9/19/22 02:35, James Mcphee via
PLUG-discuss wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+scvgCaJVfyidY5m1DogprFw6csBwVG-_SX0q+zRM29Q-_25A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Yeah, take a look at the makefile for wget and you
can get an idea of how complicated these kinds of general use
programs are. you can make a relatively simple http client in
code, but trying to get it to handle all the corner cases of the
web, it's just easier to depend on something that already does
all the heavy lifting. For scripting, it's usually either wget
or curl. Full languages will tend to have their own http libs
and don't have to reach outside, though they will tend to depend
on SSL/TLS from openssl or gnu_tls on the OS to avoid having the
implement that whole stack in native code. Tend, not required.
There is a native ssl implementation in java for example.
<div><br>
</div>
<div>Interesting about wget2. The distros I tend to use are so
ancient I wasn't aware it had been released. Finally support
for some of the more modern http options, which has always
been a weakness of wget. Thanks for that!</div>
<div><br>
</div>
<div>Regarding the certificate trust issue, if you want to
continue poking, check to see if you have
/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem</div>
<div>check to see if that's in
/etc/ssl/certs/ca-certificates.crt</div>
<div><br>
</div>
<div>If it is, try wget with --ca-certificate or --ca-directory
options and see if that helps.</div>
<div><br>
</div>
<div>Based on the error, <span style="font-family:monospace">ERROR:
cannot verify</span><span style="font-family:monospace"> </span><a
href="http://www.gutenberg.org%27s/" target="_blank"
style="font-family:monospace" moz-do-not-send="true">www.gutenberg.org's</a><span
style="font-family:monospace"> </span><span
style="font-family:monospace">certificate, issued by
‘CN=Network Solutions OV Server CA 2 </span><span
style="font-family:monospace">,O=Network Solutions
L.L.C.,L=Herndon,ST=VA,C=US’: </span> that should follow the
chain to CN = USERTrust RSA Certification Authority. Since
it's not, that would be where I would look. "sudo
update-ca-certificates -f" if you need to clean up
/etc/ssl/certs from old links.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Sep 18, 2022 at 9:26
AM Jim via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
moz-do-not-send="true" class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>I was looking in muon and found wget2. In the
description it says: GNU Wget2 is the successor of GNU
Wget. So I installed wget2 and tested it to find it
works. Do any other apps use wget? If so, could I
replace /usr/bin/wget with a symbolic link to
/usr/bin/wget2? I ask because I thought about using muon
to purge wget, but it warned me that a bunch of stuff
would also be removed, so I clicked cancel.<br>
</p>
<div>On 9/17/22 15:08, James Mcphee via PLUG-discuss wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">wget, curl, etc are compiled with gnu_tls
or openssl or libressl, or whatever. usually when
adding those config options, you'll have some vars for
distro-specific settings. anyway. in ubuntu,
ca-certificates is the pkg that holds your normal trust
stuff. update-ca-certificates is the command you'd use
to do the update. So, if you think you broke your trust
store, you could try update-ca-certificates, and if that
didn't work, a reinstall of ca-certificates.
specifically, what update-ca-certificates does is takes
the list from /etc/ca-certificates.conf from
/etc/ssl/certs and updates the various ca bundles like
the java cacerts and the ca-certificates.txt, and
anything else if the distro decided to use that in its
TLS/SSL config.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Sep 17, 2022
at 11:46 AM Michael Butash via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Some quick searching as I don't often use wget,
it looks like it doesn't use local system certs,
and has no inherent trust to certs at all. If you
search "wget ssl certificates" like I just did,
you see others posting how to skip the check and
trust anyways, and various discussions wtf this is
even a thing still. Weird software caveat I'd say
it doesn't just reference system cert trusts, or
just hasn't felt the need to be updated in 20
years because you know, security is meh.<br>
</div>
<div><br>
</div>
<div>-mb</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Sep 17,
2022 at 10:40 AM Jim via PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>It's not just <a
href="http://ww.gutenberg.org"
target="_blank" moz-do-not-send="true">ww.gutenberg.org</a>.
That's an example of what happens no matter
what site I try to use wget on. About the
truststore, how do I add to or update it? I
decided to ask for help after trying to
install openwebrx following the instructions
here. <a
href="https://www.openwebrx.de/download/ubuntu.php"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.openwebrx.de/download/ubuntu.php</a>
Also I found out today that something similar
happens with youtube-dl. I tried to use it
today and this is what happened. Youtube-dl
works if I use the --no-check-certificate
option. <br>
</p>
<p><span style="font-family:monospace"><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$
youtube-dl <a
href="https://www.youtube.com/watch?v=VW3XQDDGhA4"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.youtube.com/watch?v=VW3XQDDGhA4</a>
</span><br>
[youtube] VW3XQDDGhA4: Downloading webpage <br>
<span
style="color:rgb(178,104,24);background-color:rgb(255,255,255)">WARNING:</span><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download webpage: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate ver</span><br>
ify failed: unable to get local issuer
certificate (_ssl.c:1131)> <br>
[youtube] VW3XQDDGhA4: Downloading API JSON
<br>
<span
style="color:rgb(178,24,24);background-color:rgb(255,255,255)">ERROR:</span><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download API page: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate
veri</span><br>
fy failed: unable to get local issuer
certificate (_ssl.c:1131)> (caused by
URLError(SSLCertVerifica<br>
tionError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate
verify failed: unable to get local issuer<br>
certificate (_ssl.c:1131)')))<br>
<br>
<br>
</span></p>
<p><br>
</p>
<div>On 9/16/22 17:33, James Mcphee via
PLUG-discuss wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">check out the verification of
the cert chain. it works for me with a new
build of 20.04, so it might be that you need
to add or update your truststore.
<div>openssl s_client -connect <a
href="http://www.gutenberg.org:443"
target="_blank" moz-do-not-send="true">www.gutenberg.org:443</a>
< /dev/null | openssl x509 -text -noout<br>
</div>
<div><br>
</div>
<div>up there at the top, this is what it
looks like when it works</div>
<div>depth=2 C = US, ST = New Jersey, L =
Jersey City, O = The USERTRUST Network, CN
= USERTrust RSA Certification Authority<br>
verify return:1<br>
depth=1 C = US, ST = VA, L = Herndon, O =
Network Solutions L.L.C., CN = Network
Solutions OV Server CA 2<br>
verify return:1<br>
depth=0 C = US, ST = Utah, L = Salt Lake
City, O = Project Gutenberg Literary
Archive Foundation, CN = *.<a
href="http://gutenberg.org"
target="_blank" moz-do-not-send="true">gutenberg.org</a><br>
verify return:1<br>
DONE<br>
</div>
<div><br>
</div>
<div>I can see that i have that usertrust
network cert in /etc/ssl/certs, so all is
good. if i had to add one i'd have then
run update-ca-certicates.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri,
Sep 16, 2022 at 2:17 PM Jim via
PLUG-discuss <<a
href="mailto:plug-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>This has been bugging me for a while,
but today it's annoying me to the
point I want to fix it. Wget gives me
an error whenever I try to use it. I
have no problem getting files using a
web browser. Here's an example.
Using firefox I was able to download
the file, but this can be a pain in
the butt when I'm trying to add a
repository. I have Ubuntu 20.04
installed.<br>
</p>
<p><br>
</p>
<p><span style="font-family:monospace"><span
style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$ wget <a
href="https://www.gutenberg.org/ebooks/68992.epub.images"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.gutenberg.org/ebooks/68992.epub.images</a>
</span><br>
--2022-09-16 14:08:02-- <a
href="https://www.gutenberg.org/ebooks/68992.epub.images"
target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.gutenberg.org/ebooks/68992.epub.images</a>
<br>
Resolving <a
href="http://www.gutenberg.org"
target="_blank"
moz-do-not-send="true">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org"
target="_blank"
moz-do-not-send="true">www.gutenberg.org</a>)...
152.19.134.47,
2610:28:3090:3000:0:bad:cafe:47 <br>
Connecting to <a
href="http://www.gutenberg.org"
target="_blank"
moz-do-not-send="true">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org"
target="_blank"
moz-do-not-send="true">www.gutenberg.org</a>)|152.19.134.47|:443...
connected. <br>
ERROR: cannot verify <a
href="http://www.gutenberg.org's"
target="_blank"
moz-do-not-send="true">www.gutenberg.org's</a>
certificate, issued by ‘CN=Network
Solutions OV Server CA 2<br>
,O=Network Solutions
L.L.C.,L=Herndon,ST=VA,C=US’: <br>
Self-signed certificate
encountered. <br>
To connect to <a
href="http://www.gutenberg.org"
target="_blank"
moz-do-not-send="true">www.gutenberg.org</a>
insecurely, use
`--no-check-certificate'.<br>
<br>
Any idea how to fix this? thanks</span></p>
<p><span style="font-family:monospace"><br>
</span></p>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change
your mail settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">James McPhee<br>
<a href="mailto:jmcphe@gmail.com"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">jmcphe@gmail.com</a></div>
<br>
<fieldset></fieldset>
<pre>---------------------------------------------------
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail
settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail
settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">James McPhee<br>
<a href="mailto:jmcphe@gmail.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">jmcphe@gmail.com</a></div>
<br>
<fieldset></fieldset>
<pre>---------------------------------------------------
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a
href="mailto:PLUG-discuss@lists.phxlinux.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a
href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">James McPhee<br>
<a href="mailto:jmcphe@gmail.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">jmcphe@gmail.com</a></div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">---------------------------------------------------
PLUG-discuss mailing list: <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</body>
</html>