Package: www.debian.org
Severity: normal

Apologies if this is the wrong pseudo-package; I couldn't find one for archive.debian.org specifically.

Attempts to download a package from the archive.debian.org site using https with command line tools fail. These examples are performed on a bullseye host:

$ wget https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
--2021-08-03 08:26:17-- https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
Resolving archive.debian.org (archive.debian.org)... 217.196.149.234, 193.62.202.28, 130.89.148.13, ...
Connecting to archive.debian.org (archive.debian.org)|217.196.149.234|:443... connected.
ERROR: The certificate of ‘archive.debian.org’ is not trusted.
ERROR: The certificate of ‘archive.debian.org’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘archive.debian.org’

$ curl https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb > apt-transport-https_0.9.7.9+deb7u7_amd64.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

If I go to https://archive.debian.org/debian/pool/main/a/apt/ in Google Chrome, I'm prompted with the standard warning about an invalid certificate; if I choose to go forward despite that, I get:

Not Found
The requested URL was not found on this server.
Apache Server at archive.debian.org Port 443

Finally, I will note that it would be most helpful if the archive.debian.org site can be accessed directly by older systems using the apt-transport-https package.
If this is impossible due to security concerns, then downloading the packages by hand on a newer system, and then moving them over to the older systems, would still be better than the current situation, which is that the packages are completely inaccessible in environments where plain http is blocked.