Same problem as wget interrupted by a certificate problem:
After do-release-upgrade
from 16.04 to 18.01
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
Check your Internet connection or proxy settings
wget https://changelogs.ubuntu.com/meta-release-lts
--2018-09-15 08:03:41-- https://changelogs.ubuntu.com/meta-release-lts
Resolving changelogs.ubuntu.com (changelogs.ubuntu.com)... 91.189.95.15, 2001:67c:1560:8008::11
Connecting to changelogs.ubuntu.com (changelogs.ubuntu.com)|91.189.95.15|:443... connected.
ERROR: cannot verify changelogs.ubuntu.com's certificate, issued by ‘CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
To connect to changelogs.ubuntu.com insecurely, use `--no-check-certificate'.
Also (as root):
# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
# wget https://www.google.com/
--2018-09-16 16:54:31-- https://www.google.com/
Resolving www.google.com (www.google.com)... 216.58.201.164, 2a00:1450:4003:80a::2004
Connecting to www.google.com (www.google.com)|216.58.201.164|:443... connected.
ERROR: cannot verify www.google.com's certificate, issued by ‘CN=Google Internet Authority G3,O=Google Trust Services,C=US’:
Unable to locally verify the issuer's authority.
To connect to www.google.com insecurely, use `--no-check-certificate'.
Update 2018-10-23:
openssl s_client -connect www.google.com:443 -debug
fails
openssl s_client -connect www.google.com:443 --debug --CApath /etc/ssl/certs/
works
wget https://www.google.com/ --ca-directory=/etc/ssl/certs/
works, so why is the default ca-directory not /etc/ssl/certs/
? and do I set it?
New Update and solved:
strace -e openat wget https://your-url
I saw that it was using /usr/local/lib/libssl.so.1.1
, so I found one openssl installed on /usr/local
, and after deleting it, the problem was fixed.
Thanks
Best Answer
The thread: Problem with certificates helped me to solve the problem.
user mirabilos explain the commands to reinstall the ca-certificates