Le vendredi 01 octobre 2021 à 19:09 +0200, Thomas Schmitt a écrit :
> Hi,
>
> new certification problem, this time on buster.
>
> While looking why wget on Debian 8 does not work with
> lists.debian.org
> i learn that it does not work on Debian 10 either:
>
> $ wget -d https://lists.debian.org/debian-user/
> DEBUG output created by Wget 1.20.1 on linux-gnu.
>
> Reading HSTS entries from /home/thomas/.wget-hsts
> URI encoding = ‘UTF-8’
> Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
> --2021-10-01 18:51:06-- https://lists.debian.org/debian-user/
> Certificates loaded: 126
> Resolving lists.debian.org (lists.debian.org)...
> 2001:41b8:202:deb:216:36ff:fe40
> Caching lists.debian.org => 2001:41b8:202:deb:216:36ff:fe40:4002
> 82.195.75.100
> Connecting to lists.debian.org
> (lists.debian.org)|2001:41b8:202:deb:216:36ff:fec
> Created socket 3.
> Releasing 0x00005560a217b5d0 (new refcount 1).
> ERROR: The certificate of ‘lists.debian.org’ is not trusted.
> ERROR: The certificate of ‘lists.debian.org’ has expired.
>
> Firefox works without problems.
> The number of 126 certificates would match /etc/ssl/certs.
>
> It's really on buster:
>
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID: Debian
> Description: Debian GNU/Linux 10 (buster)
> Release: 10
> Codename: buster
>
> The kernel is a modified 5.10.rc3 (i should upgrade to Debian 11 and
> apply my patches to its kernel source).
>
> Is this reproducible on other busters ?
>
>
> Have a nice day :)
>
> Thomas
>
>
Hello,
- As it has already been said, Firefox does not use ca-certificates
- it seems that sometimes upgrades to a new version of ca-certificates
do not automatically enable all new certificates. I would suggest you
to do a dpkg-reconfigure of ca-certificates to verify what is proposed
and what you want to enable, perhaps this will solve your wget problem
