Curl / Wget: Certificate expired error
morevnaproject opened this issue · comments
Konstantin Dmitriev commented
When I am using curl or wget inside of container to download some files it gives me certificate error:
wget https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz
--2022-01-08 03:41:05-- https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz
Resolving pkgconfig.freedesktop.org (pkgconfig.freedesktop.org)... 131.252.210.176, 2610:10:20:722:a800:ff:feda:470f
Connecting to pkgconfig.freedesktop.org (pkgconfig.freedesktop.org)|131.252.210.176|:443... connected.
ERROR: The certificate of 'pkgconfig.freedesktop.org' is not trusted.
ERROR: The certificate of 'pkgconfig.freedesktop.org' has expired.
curl https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz -o test.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Konstantin Dmitriev commented
This issue gets fixed by updating SSL/TLS packages.
For Curl:
apt-get -yq update
apt-get -yq install libssl1.0.2
For Wget:
apt-get -yq update
apt-get -yq install openssl libgnutls30
Note: I have found this combination of packages by running apt-get -yq update && apt-get -yq upgrade
command. Though, the command took too long, as it updated many other packages. So I have found "guilty" packages by checking every updated package manually and listed them above to save time. I hope you will find it useful and consider updating Docker images too. Thank you!