[solved] Download server running on an old certificate


#1

@gitea

Using wget to grab a binary I get this

wget -O gitea https://dl.gitea.io/gitea/1.6.0/gitea-1.6.0-linux-arm64

--2018-12-02 08:58:29--  https://dl.gitea.io/gitea/1.6.0/gitea-1.6.0-linux-arm64
Resolving dl.gitea.io (dl.gitea.io)... 104.27.143.155, 104.27.142.155, 2606:4700:30::681b:8e9b, ...
Connecting to dl.gitea.io (dl.gitea.io)|104.27.143.155|:443... connected.
ERROR: cannot verify dl.gitea.io's certificate, issued by ‘CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Unable to locally verify the issuer's authority.
To connect to dl.gitea.io insecurely, use `--no-check-certificate'.

I see that gitea.io is using letsencrypt cert but it looks like dl.gitea.io is still using some old comodo cert??? I see you are running caddy for the dl web in which case maybe you just need to provide either your wildcard cert if that is what you have or get Caddy to grab a cert in the CaddyFile


#2

dl.gitea.io is running behind cloudflare, do you run into this issue with any other cloudflare sites?


#3

I have run into this when sites don’t have a valid cert for the https download server. I can’t say about cloudflare hosted sites but the host shouldn’t matter rather the webserver running therein. Which is why I mentioned Caddy as gitea dl webpage says in the header “power by caddy” where is where one needs to have a valid cert.

BTW I run a download site using caddy to which I have a letsencrypt cert. No problems with it and using wget to download. e.g. try wget https://download.kebler.net/hugo-update


#4

Not the gitea server’s issue. My install had a bad ca-certificates module installed and I had to reinstall. That removed the error.

sudo apt install --reinstall ca-certificates


#5