同样的问wget 因证书问题而中断:
do-release-upgrade16.04 至 18.01之后
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
wget https://changelogs.ubuntu.com/meta-release-lts
--2018-09-15 08:03:41-- https://changelogs.ubuntu.com/meta-release-lts
Resolving changelogs.ubuntu.com (changelogs.ubuntu.com)... 91.189.95.15, 2001:67c:1560:8008::11
Connecting to changelogs.ubuntu.com (changelogs.ubuntu.com)|91.189.95.15|:443... connected.
ERROR: cannot verify changelogs.ubuntu.com's certificate, issued by ‘CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
To connect to changelogs.ubuntu.com insecurely, use `--no-check-certificate'.
另外(以 root 身份):
# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
# wget https://www.google.com/
--2018-09-16 16:54:31-- https://www.google.com/
Resolving www.google.com (www.google.com)... 216.58.201.164, 2a00:1450:4003:80a::2004
Connecting to www.google.com (www.google.com)|216.58.201.164|:443... connected.
ERROR: cannot verify www.google.com's certificate, issued by ‘CN=Google Internet Authority G3,O=Google Trust Services,C=US’:
Unable to locally verify the issuer's authority.
To connect to www.google.com insecurely, use `--no-check-certificate'.
更新2018-10-23:
openssl s_client -connect www.google.com:443 -debug
失败
openssl s_client -connect www.google.com:443 --debug --CApath /etc/ssl/certs/
作品
wget https://www.google.com/ --ca-directory=/etc/ssl/certs/
有效,那么为什么默认的 ca 目录不行/etc/ssl/certs/?我应该设置它吗?
新更新并解决:
strace -e openat wget https://your-url
看到是使用了/usr/local/lib/libssl.so.1.1,于是就找到一个安装在的openssl /usr/local,将其删除之后,问题解决。
谢谢
答案1
答案2
您曾经自己编译并安装了 openssl 并且它仍然存在或者您可能删除了该安装:
如果 foldef/usr/local/ssl/存在,则检查文件/usr/local/ssl/cert.pem是否存在,如果不存在则运行:
sudo ln -s /etc/ssl/certs/ca-certificates.crt /usr/local/ssl/cert.pem
答案3
我已经安装了。它适用于 Ubuntu 16.4 LTS
sudo apt-get install ca-certificates
答案4
我遇到了同样的问题。经过多次检查后,我执行了以下操作,然后修复了 https wget 连接的证书错误。
证书路径中缺少所需的根 CA 证书数量
root@SINGPWEBSERVER:~# cd /usr/lib/ssl/certs
root@SINGPWEBSERVER:/usr/lib/ssl/certs# ls -l | wc -l
12
使用以下命令安装所有证书(选择所有证书)
root@SINGPWEBSERVER:/usr/lib/ssl/certs# sudo dpkg-reconfigure ca-certificates
执行上述提取命令后,所有需要的 HTTPS 连接 CA 证书均已安装
root@SINGPWEBSERVER:/usr/lib/ssl/certs# ls -l | wc -l
270
找到https连接成功的结果供大家参考
root@SINGPWEBSERVER:/tmp# wget https://www.google.com/
--2021-07-28 15:23:19-- https://www.google.com/
Resolving www.google.com (www.google.com)... 142.250.204.68, 2404:6800:4005:813::2004
Connecting to www.google.com (www.google.com)|142.250.204.68|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.6’
index.html.6 [ <=> ] 15.45K --.-KB/s in 0.001s
2021-07-28 15:23:19 (21.9 MB/s) - ‘index.html.6’ saved [15821]