Leo Famulari <l...@famulari.name> writes: > On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote: >> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from >> https://git.dthompson.us/, but 'wget' rejects it: >> >> mhw@jojen:~$ wget >> https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf >> --2016-01-19 09:23:23-- >> https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf >> Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238 >> Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... >> connected. >> ERROR: The certificate of ‘git.dthompson.us’ is not trusted. >> ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer. > > I don't think this issue is specific to our packaging. On up-to-date > Debian testing, I have the same result from Debian's wget. > > I don't know how good the ssllabs.com test is, but it did report some > errors while testing the domain. > > Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget > --https-only` from my domain with a Let's Encrypt cert with HTTP Strict > Transport Security enabled. > >
I could run on debian testing, last updated 16 hours ago, the following without issues: wget https://gedankenausbruch.com/downloadbereich/Hinweis%20beim%20Download.txt running gnurl -O https://gedankenausbruch.com/downloadbereich/Hinweis%20beim%20Download.txt on up-to-date guixsd did work too. gedankenausbruch.com is signed by let's encrypt too: https://www.ssllabs.com/ssltest/analyze.html?d=gedankenausbruch.com This doesn't prove anything, but I guess it's no bug but misconfiguration at dthompson.us ? >> >> Mark >> >> >> > > > -- ng/ni* vcard: http://krosos.sdf.org
