[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22408: wget rejects Let's Encrypt certs, although Icecat accepts the
|
From: |
Leo Famulari |
|
Subject: |
bug#22408: wget rejects Let's Encrypt certs, although Icecat accepts them |
|
Date: |
Wed, 20 Jan 2016 00:03:49 -0500 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote:
> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
> https://git.dthompson.us/, but 'wget' rejects it:
>
> address@hidden:~$ wget
> https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
> --2016-01-19 09:23:23--
> https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
> Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238
> Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443...
> connected.
> ERROR: The certificate of ‘git.dthompson.us’ is not trusted.
> ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.
I don't think this issue is specific to our packaging. On up-to-date
Debian testing, I have the same result from Debian's wget.
I don't know how good the ssllabs.com test is, but it did report some
errors while testing the domain.
Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget
--https-only` from my domain with a Let's Encrypt cert with HTTP Strict
Transport Security enabled.
>
> Mark
>
>
>