Ubuntu – Wget interrupted by a certificate problem

certificateswget

I wanted to download a file using wget https://curl.haxx.se/download/archeology/curl-7.16.2.tar.gz. Done that from a friend's PC and got no errors.

However, when trying to do so from my PC, on which I played a bit with certificates, while establishing an FTPS client, I got this error:

ERROR: cannot verify curl.haxx.se's certificate, issued by '=== MY CERTIFICATE DETAILS ===':
  Unable to locally verify the issuer's authority.
To connect to curl.haxx.se insecurely, use `--no-check-certificate'.

I used the --no-check-certificate to overcome this and it went fine, but my question is, why did this error pop up? I didn't ask for a secure connection, simply wget – which does no secure checks, from what I saw on my friend's PC.

How can I prevent this error in future downloads? (solving the underline cause, not using the --no-check-certificate)

EDIT:

$ apt-cache policy wget
wget:
  Installed: 1.15-1ubuntu1.14.04.1
  Candidate: 1.15-1ubuntu1.14.04.1
  Version table:
 *** 1.15-1ubuntu1.14.04.1 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
        100 /var/lib/dpkg/status
     1.15-1ubuntu1 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty/main i386 Packages

$ apt-cache policy libssl1.0.0 ca-certificates
libssl1.0.0:
  Installed: 1.0.1f-1ubuntu2.15
  Candidate: 1.0.1f-1ubuntu2.15
  Version table:
 *** 1.0.1f-1ubuntu2.15 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
        100 /var/lib/dpkg/status
     1.0.1f-1ubuntu2 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty/main i386 Packages
ca-certificates:
  Installed: 20141019ubuntu0.14.04.1
  Candidate: 20141019ubuntu0.14.04.1
  Version table:
 *** 20141019ubuntu0.14.04.1 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty-security/main i386 Packages
        100 /var/lib/dpkg/status
     20130906ubuntu2 0
        500 http://172.18.177.211/14.04.3/mirror/archive.ubuntu.com/ubuntu/ trusty/main i386 Packages

Best Answer

You can preconfigure your wget calls in /etc/wgetrc or for a specific user in ~/.wgetrc. Perhaps on your friend's PC one of these files contained the directive

check_certificate = on/off

Further options see https://www.gnu.org/software/wget/manual/wget.html#Startup-File

Related Question