On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote: > On recent GuixSD, IceCat accepts the Let's Encrypt certificate from > https://git.dthompson.us/, but 'wget' rejects it: > > mhw@jojen:~$ wget > https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf > --2016-01-19 09:23:23-- > https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf > Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238 > Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... > connected. > ERROR: The certificate of ‘git.dthompson.us’ is not trusted. > ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.
I don't think this issue is specific to our packaging. On up-to-date Debian testing, I have the same result from Debian's wget. I don't know how good the ssllabs.com test is, but it did report some errors while testing the domain. Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget --https-only` from my domain with a Let's Encrypt cert with HTTP Strict Transport Security enabled. > > Mark > > >
