发新话题
打印

wget curl无法识别 letsencrypt 颁发的SSL证书的解决办法

wget curl无法识别 letsencrypt 颁发的SSL证书的解决办法

以前的DST_Root_CA_X3.pem 2021年9月过期了,现在是R3,图形化浏览器软件一般没有问题,但命令行工具有问题,wget需要升级软件,curl需要更新SSL证书。

GNU Wget 1.19.2 等老版本无法识别 最新letsencrypt 颁发的SSL证书,需要升级wget(2022年是wget-1.21.3)
wget https://xxx.duckdns.org
ERROR: The certificate of 'xxx.duckdns.org' is not trusted.
ERROR: The certificate of 'xxx.duckdns.org' hasn't got a known issuer.


一、安装最新版本的wget软件:
apt reinstall wget

或者编译最新源代码:
apt install  pkg-config

apt-get install libghc-gnutls-dev

wget http://mirror.keystealth.org/gnu/wget/wget-latest.tar.gz
tar xzvfp wget-latest.tar.gz
cd wget-1.21.3/

./configure
make
make install
/usr/local/bin/wget -V

mv /usr/bin/wget /usr/bin/wget.old
hash -r


No package 'gnutls' found 解决办法
参考:http://insmoin.com/?post=23



二、debian 10 curl识别 最新letsencrypt 颁发的SSL证书
删除 DST_Root_CA_X3.pem 或 DST_Root_CA_X3.crt,
或者 编辑 /etc/ca-certificates.conf 文件,去掉 mozilla/DST_Root_CA_X3.crt
再重建:
cd /etc/ssl
rsync -av certs/  certs_bak
rm -rf certs
mkdir certs
# Checked that the file /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt didn't exist
update-ca-certificates

之后,curl https://xxx.duckdns.org 就可以了,但wget不行,需要升级软件(见上)。

# cat DST_Root_CA_X3.crt
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

参考:https://community.letsencrypt.org/t/ubuntu-18-04-and-wget-error-cannot-verify-certificate/165487/25

[ 本帖最后由 linda 于 2022-5-20 13:28 编辑 ]

TOP

发新话题