wget 在某些计算机上不接受 HTTPS 证书(来自 letsencrypt),但在其他计算机上接受

wget 在某些计算机上不接受 HTTPS 证书(来自 letsencrypt),但在其他计算机上接受

我有以下情况:

在我的 www 服务器 ( Apache2, ) 上,我拥有颁发的Debian armhfHTTPS 证书。从浏览器 ( , ) 访问服务器时一切正常,但当我尝试或时,HTTPS 证书未被接受。letsencrypt.orgcertbot
FirefoxChromiumgitwget

但是我只能在部分电脑上观察到这种情况,我尝试过这种方法,但在其他电脑上没有。5
台电脑的输出:
电脑 0 和 4(不工作):

0.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 00:12:47--  https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ is not trusted.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ has expired.
4.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:14:32--  https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ is not trusted.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ has expired.

计算机 1、2 和 6(工作)

1a.b:/botm/tmp> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 00:06:07--  https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 127.0.0.1
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’

index.html          100%[===================>]     226  --.-KB/s    in 0s      

2023-05-12 00:06:07 (732 KB/s) - ‘index.html’ saved [226/226]
2.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:17:10--  https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’

index.html          100%[===================>]     226  --.-KB/s    in 0.005s  

2023-05-12 02:17:10 (46.6 KB/s) - ‘index.html’ saved [226/226]
6.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:18:01--  https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’

index.html          100%[===================>]     226  --.-KB/s    in 0s      

2023-05-12 02:18:01 (15.7 MB/s) - ‘index.html’ saved [226/226]

有趣的是,计算机 2 和 4 具有相同的操作系统(Debian 10,但 2 是 32 位,4 是 64 位),相同的版本wget(1.21.2)并且位于同一个本地网络中,并且其中一台(2)仍然接受证书,而在另一台(4)上则不接受

以下是相关apache配置:

/etc/apache2/sites-available/botm.conf

# Manage BOTM sites externally:
IncludeOptional /botm/etc/www/sites/*.conf

/botm/etc/www/sites/rnk.bicyclesonthemoon.info-ssl.conf

<VirtualHost *:443>
    ServerName rnk.bicyclesonthemoon.info
    Include /botm/etc/www/conf/ssl-certbot-botm.conf
    Include /botm/etc/www/conf/rnk.conf
</VirtualHost>

/botm/etc/www/conf/ssl-certbot-botm.conf

SSLEngine On
SSLCertificateKeyFile /botm/etc/certbot/live/botm/privkey.pem
SSLCertificateFile /botm/etc/certbot/live/botm/cert.pem
SSLCertificateChainFile /botm/etc/certbot/live/botm/chain.pem

最初,我没有SSLCertificateChainFile添加,并被告知这是原因。但添加这个并没有帮助。
我也看到过我应该使用它fullchain.pem来代替,但这也没有任何帮助。

此时我很困惑,我不知道如何继续,如何调试,解决。

相关内容