Two websites that I download data from using automated processes stopped giving me new data from October 1. When I investigated the problem, I could see an error message from the wget program in Linux:<\/p>\n
\nConnecting to SOME.HOSTNAME (SOME.HOSTNAME)|1.2.3.4|:443… connected.
\nERROR: cannot verify SOME.HOSTNAME’s certificate, issued by \u2018\/C=US\/O=Let’s Encrypt\/CN=R3\u2019:
\nIssued certificate has expired.
\nTo connect to SOME.HOSTNAME insecurely, use `–no-check-certificate’.<\/p><\/blockquote>\nThe quick fix, obviously, was to add the –no-check-certificat to the command line, which allows the download to go ahead, but what’s the root cause? My assumption was that the site owner had let an SSL certificate expire, but after it happened with a second site from the same date, I got suspicious. It turns out, Let’s Encrypt which is used by many websites for free encryption certificates previously had a certificate that expired on September 30 and which has been replaced by a new certificate but many pieces of software don’t retrieve the new certificate. That’s because it’s signed with a new root certificate that a lot of older software don’t trust yet. They need an updated of the root certificate store.
\nIn my case, running<\/p>\nsudo yum update<\/p><\/blockquote>\n
would update the ca-certificates package and that allowed wget to trust the new certificate.
\nPlease see these links for more information:<\/p>\n\n
- Sept. 30, 2021: Will we see trouble with old Let’s Encrypt certificates?<\/a> (Born’s Tech and Windows World)<\/li>\n
- Certificate Compatibility<\/a> (Let’s Encrypt)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
Two websites that I download data from using automated processes stopped giving me new data from October 1. When I investigated the problem, I could see an error message from the wget program in Linux: Connecting to SOME.HOSTNAME (SOME.HOSTNAME)|1.2.3.4|:443… connected. … Continue reading