[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: curl server certificate verification failed for a few sites

From: Jack Hill
Subject: Re: curl server certificate verification failed for a few sites
Date: Thu, 4 Jun 2020 10:40:55 -0400 (EDT)
User-agent: Alpine 2.20 (DEB 67 2015-01-07)

On Thu, 4 Jun 2020, Giovanni Biscuolo wrote:

Hello Guix,

--8<---------------cut here---------------end--------------->8---

I'm having a strange error with curl from Guix (on a foreign distro):

--8<---------------cut here---------------start------------->8---
giovanni@roquette: curl -I
curl: (60) server certificate verification failed. CAfile: 
 CRLfile: none
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--8<---------------cut here---------------end--------------->8---


I think that this is due to the recent AdTrust Root CA cert expiration [0]. The error wget gives is a little bit better, but you know about the situation to interpret it correctly:

$ wget ""; -O /dev/null
--2020-06-04 10:37:29--
Resolving (,,, ... Connecting to (||:443... connected.
ERROR: The certificate of ‘’ is not trusted.
ERROR: The certificate of ‘’ has expired.

In my experience, sometimes this cert expiration is easy to miss by site administrators or others connecting to the site if they have one of the intermediate certificates in their trust store. Our nss-certs package tends not to have such intermediates.

Therefore, I think the fix is for to update the certificate chain/bundle that they are sending.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]