Why I can't download from HTTPS sites?

[embede12]

Hi, do I need something extra to have possibility for downloading stuff from HTTPS url's? HTTP works fine.

[no1xsyzy]

For lack of information, I have some fuzzy guesses.

1. Check the computer aria2 runs on. It should has all ca-certificates installed;
2. Some censorship stopped you from downloading from particular HTTPS sites;
3. That site just refused your request to download;
4. You typed wrong;
5. It is not actually possible to download without proper header, but your ISP cached the request and response wrongly.

[embede12]

Hi! Thanks for your reply, I'm very glad.

For lack of information, I have some fuzzy guesses.

Sorry for this, but I was tired after hours spent on searching solves for my issue.

1. Check the computer aria2 runs on. It should has all ca-certificates installed;

I don't know how I can do that. One thing what I only see when I'm doing research is installing SSL CA for Apache. I think I don't need Apache to have possibility for download files. But I think, here is the problem. I found somewhere a option, what I can write after URL, I mean --check-certificate=false. When I type this, download starting. When I'm trying download without this, I get this error:

$ aria2c -x 5 "https://xt7.pl/pobieraj/13da0d611da32a05225431b516f5e919/Sex.Education.2020.PL.S02E08.720p.NF.WEB-DL.X264-J.mkv" 01/21 07:55:49 [NOTICE] Downloading 1 item(s) 01/21 07:55:49 [NOTICE] CUID#7 - Redirecting to https://s4.rapiduservers.net/download/3fa39ef15df5fbfe1a6fc77437ef815bd5aa67a9/Sex.Education.2020.PL.S02E08.720p.NF.WEB-DL.X264-J.mkv 01/21 07:55:50 [ERROR] CUID#7 - Download aborted. URI=https://xt7.pl/pobieraj/13da0d611da32a05225431b516f5e919/Sex.Education.2020.PL.S02E08.720p.NF.WEB-DL.X264-J.mkvException: [AbstractCommand.cc:351] errorCode=1 URI=https://s4.rapiduservers.net/download/3fa39ef15df5fbfe1a6fc77437ef815bd5aa67a9/Sex.Education.2020.PL.S02E08.720p.NF.WEB-DL.X264-J.mkv-> [SocketCore.cc:1015] errorCode=1 SSL/TLS handshake failure: not signed by known authorities or invalid'issuer is not known'

2. Some censorship stopped you from downloading from particular HTTPS sites;

I think no.

3. That site just refused your request to download;

Nope or yes?

4. You typed wrong;

Nope

5. It is not actually possible to download without proper header, but your ISP cached the request and response wrongly. Nope

[no1xsyzy]

Yes it is 1. ca-certifactes problem. Not about Apache. TL;DR: You need find a package named like ca-certifactes for your distribution and install it. In case it is just accidentally not referenced correctly, it can be wired by hand with option --ca-certificate=<FILE>. Full explaination: All certificates are signed by another. A signs B means A trusts B, so if you trust A, then you probably would also trust B, and so on. This is called certificate chains. So who do you trust first? Root CAs. Without Root CAs, you don't have the basis of trust. On windows, it is included out of box. On Linux, it is a difficult question, every distribution does differently. Maybe out of box, maybe you need to install it with hand.

[embede12]

I have a little update, some url's are working but it depends from what site I'm trying to download. For example: This url doesn't work: https://xt7.pl/pobieraj/13da0d611da32a05225431b516f5e919/Sex.Education.2020.PL.S02E08.720p.NF.WEB-DL.X264-J.mkv This work: https://xt7.pl/pobieraj/323e46cfc5fcb661f4981ec26c143fce/Harry.Potter.and.the.Deathly.Hallows.Part.2.2011.PLDUB.BDRip.x264-MAXiM.mkv This doesn't work: https://linkerbot.pl/download/GkxBI900SJ/1The.Witcher.S01E02.2019.PL.DUAL.480p.WEB-DL.x264-MAXiM.mkv This work: https://xt7.pl/pobieraj/1e5231712870e0139918fda5a2f49f78/PlugInGuru.Airwave.V3.and.V%2526hellip%253Brar This work: https://s25.filebit.pl/plik-afed8e1d0ac2dd208ac1b904eea14286/RD/54399311/58199/the.path.s02e04.pl.720p.amzn.webrip.x264.ac3-kit.mkv This doesn't work: https://s6.rapiduservers.net/download/5e130c74571a0f6f0a773d568236a8bcd89948d7/Ready.or.Not.2019.PL.720p.BluRay.x264.AC3-KiT.mkv

Like you can see, some xt7.pl are working and some not. I didn't found any working url from rapiduservers or from linkerbot. Only some xt7 and all filebit's url's are working well.

I installed ca-certificates but nothing happen.

In case it is just accidentally not referenced correctly, it can be wired by hand with option --ca-certificate=.

I found some certificates in /etc/ssl/certs/ and this is a list of them

And I tried use ca-certificate=ca-certificates.crt but it's still not downloading. Maybe I need different certificates or this pages need some special certificates..

[no1xsyzy]

Sorry I should admit I might be wrong. If it had been the root certificate problem, no https would have worked. However, not signed by known authorities should be certificate problem. Maybe it is about a wrong configuration of xt7.pl. The maintainer of that site might be using some bad configuration. The worse situation is that there is some script kiddie MITM-ing you but they f*cked up and only jammed HTTPS without intervening it. Anyway, to debug this, it requires more skills, which I am not able to teach, even if I am able to debug by myself. To be short, curl -v <url> --output <localpath> will print a lot. When it failed, you can see what happens. What's more, it must be something like --ca-certificate=something.pem. Reference.

[embede12]

Anyway, to debug this, it requires more skills, which I am not able to teach, even if I am able to debug by myself.

Ok, you mean, we can't do anything more to fix that? It's dangerous to using option --check-certificate=false?

[no1xsyzy]

Nothing to do through this time-decoupled discussion. An instant communication method is required. However, we are at different timezone, so it is hard to find a time to do. If one more suggestion, I think asking tech support from xt7.pl will be better.

In short, use --check-certificate=false only when you know what you are doing. In long, learn how SSL/TLS works and what does it protect you from.