GNU bug report logs - #22408
wget rejects Let's Encrypt certs, although Icecat accepts them

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Tue, 19 Jan 2016 14:28:02 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 22408 <at> debbugs.gnu.org
Subject: bug#22408: wget rejects Let's Encrypt certs, although Icecat accepts them
Date: Wed, 20 Jan 2016 00:03:49 -0500

On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote:
> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
> https://git.dthompson.us/, but 'wget' rejects it:
> 
>   mhw <at> jojen:~$ wget https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>   --2016-01-19 09:23:23--  https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>   Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238
>   Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... connected.
>   ERROR: The certificate of ‘git.dthompson.us’ is not trusted.
>   ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.

I don't think this issue is specific to our packaging. On up-to-date
Debian testing, I have the same result from Debian's wget.

I don't know how good the ssllabs.com test is, but it did report some
errors while testing the domain.

Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget
--https-only` from my domain with a Let's Encrypt cert with HTTP Strict
Transport Security enabled.


> 
>       Mark
> 
> 
>
This bug report was last modified 8 years and 74 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.