search

boypt / openssh-rpms

A script to backport openssh rpm package from upstream.
287 stars 103 forks source link

wget refuses Let's Encrypt #3

Closed obaratch closed 8 months ago

obaratch commented 1 year ago

sorry I don't have time to make PR but here is quick note.

on CentOS release 6.10 (Final)

pullsrc failed like this,

$ ./pullsrc.sh 
/usr/local/src/openssh-rpms/downloads /usr/local/src/openssh-rpms
Get: https://www.openssl.org/source//openssl-1.1.1t.tar.gz
--2023-04-14 11:03:07--  https://www.openssl.org/source//openssl-1.1.1t.tar.gz
Resolving www.openssl.org... 104.78.99.80, 2600:140b:2:9a6::c1e, 2600:140b:2:9a4::c1e
Connecting to www.openssl.org|104.78.99.80|:443... connected.
ERROR: cannot verify www.openssl.org’s certificate, issued by “/C=US/O=Let's Encrypt/CN=R3”:
  Issued certificate has expired.
To connect to www.openssl.org insecurely, use ‘--no-check-certificate’.
Aborted, error 5 in command: wget $OPENSSLMIR/$OPENSSLSRC

It seems wget and ca-certificate are too old on CentOS6.

$ wget https://www.openssl.org/source//openssl-1.1.1t.tar.gz
--2023-04-14 11:04:28--  https://www.openssl.org/source//openssl-1.1.1t.tar.gz
Resolving www.openssl.org... 104.78.99.80, 2600:140b:2:9a6::c1e, 2600:140b:2:9a4::c1e
Connecting to www.openssl.org|104.78.99.80|:443... connected.
ERROR: cannot verify www.openssl.org’s certificate, issued by “/C=US/O=Let's Encrypt/CN=R3”:
  Issued certificate has expired.
To connect to www.openssl.org insecurely, use ‘--no-check-certificate’.

FYI, quick googling told me using curl instead may fix this.

boypt commented 1 year ago

As the error prompted, adding --no-check-certificate to wget could fix it. Or you can download the file manually by browser and put it into the downloads folder.

Or, replace the OPENSSLMIR variable with a HTTP/FTP site, as listed in the official page: https://www.openssl.org/source/mirror.html