Curl / Wget: Certificate expired error

Question

Curl / Wget: Certificate expired error

morevnaproject opened this issue 2 years ago · comments

Konstantin Dmitriev commented 2 years ago

When I am using curl or wget inside of container to download some files it gives me certificate error:

wget https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz
--2022-01-08 03:41:05--  https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz
Resolving pkgconfig.freedesktop.org (pkgconfig.freedesktop.org)... 131.252.210.176, 2610:10:20:722:a800:ff:feda:470f
Connecting to pkgconfig.freedesktop.org (pkgconfig.freedesktop.org)|131.252.210.176|:443... connected.
ERROR: The certificate of 'pkgconfig.freedesktop.org' is not trusted.
ERROR: The certificate of 'pkgconfig.freedesktop.org' has expired.

curl https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz -o test.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Konstantin Dmitriev · Answer 1 · Sun Jan 09 2022 10:52:56 GMT+0800 (China Standard Time)

This issue gets fixed by updating SSL/TLS packages.

For Curl:

apt-get -yq update
apt-get -yq install libssl1.0.2

For Wget:

apt-get -yq update
apt-get -yq install openssl libgnutls30

Note: I have found this combination of packages by running apt-get -yq update && apt-get -yq upgrade command. Though, the command took too long, as it updated many other packages. So I have found "guilty" packages by checking every updated package manually and listed them above to save time. I hope you will find it useful and consider updating Docker images too. Thank you!