Wget和Curl停止使用HTTPS。错误地抱怨证书过期 [英] Wget and Curl stopped working with HTTPS. Wrongly complain about an expired certificate
问题描述
我有一个脚本每天在Ubuntu 14.04服务器上运行。该脚本是一个简单的wget命令,可以从远程服务器下载文件并将其保存到本地文件系统:
I have a script that runs every day on an Ubuntu 14.04 server. The script is a simple wget command that downloads a file from a remote server and saves it to the local file system:
wget https://example.com/resources/scripts/myfile.php -O myfile.php
它具有工作了好几个月,直到今天早晨突然运行时,我得到:
It has worked fine for months until this morning when suddenly when I run it I get:
--2020-05-30 11:57:16-- https://example.com/resources/scripts/myfile.php
Resolving example.com (example.com)... xx.xx.xx.xx
Connecting to example.com (example.com)|xx.xx.xx.xx|:443... connected.
ERROR: cannot verify example.com's certificate, issued by ‘/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA’:
Issued certificate has expired.
To connect to example.com insecurely, use `--no-check-certificate'.
该域的SSL有效,有效期至2022年1月。在这方面没有任何改变。但是,wget却以某种方式不再看到它。
The SSL for the domain is valid and expires in Jan. 2022. Nothing has changed on that front. And yet somehow wget no longer sees that.
这是另一个有趣的事实。如果我在Ubuntu 18机器上运行相同的命令,它就像一个咒语,没有任何抱怨。这说明我的Ubuntu 14.04计算机出了点问题。
Here is another interesting fact. If I run this same exact command on an Ubuntu 18 box, it works like a charm without any complaints. This tells me something is wrong with my Ubuntu 14.04 machine.
Curl会产生相同的错误:
Curl produces the same error:
curl https://example.com
curl: (60) SSL certificate problem: certificate has expired
这篇文章提示证书捆绑包已过期。我已经下载了建议的PEM文件,并通过指定--ca-certificate = cacert.pem选项尝试运行wget,但无济于事。
This post suggest that the certificate bundle is out of date. I have downloaded the suggested PEM file and tried running wget with by specifying the --ca-certificate=cacert.pem option, but to no avail.
我也尝试了正在运行: apt安装ca-certificates 和 update-ca-certificates ,但这都不起作用。
I have also tried running: apt install ca-certificates and update-ca-certificates, but that did not work either.
同样,在Ubuntu 18盒上一切正常,但在Ubuntu 14或16上却不能正常工作。为什么直到今天早晨,我知道没人碰过盒子,它还是可以正常工作?显然有些东西已经过时了,但是我似乎无法弄清楚该如何解决。
Again, everything works great on an Ubuntu 18 box, but not Ubuntu 14 or 16. Also why did it work fine until this morning when I know nobody has touched the box? Clearly something is out of date, but I can't seem to figure out how to fix it.
有人有任何建议吗?
推荐答案
在Ubuntu 14.04上,编辑ca-certificates.conf的方法不适用于我。
的工作原理:
Like the original poster the method of editing ca-certificates.conf did not work for me on Ubuntu 14.04. What did work:
-
运行sudo dpkg-重新配置ca证书
Run sudo dpkg-reconfigure ca-certificates
取消选择问题CA:AddTrust_External_Root
Deselect the problem CA: AddTrust_External_Root
按OK
我的理解是删除 AddTrust_External_Root 的过期CA和较新的CA USERTrust_RSA_Certification_Authority 。
My understanding is that deletes the expired CA of AddTrust_External_Root and the newer CA USERTrust_RSA_Certification_Authority is used instead.
这篇关于Wget和Curl停止使用HTTPS。错误地抱怨证书过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
