24

When I try to run the wget command on http urls I get this error message:

ERROR: The certificate of `url' is not trusted.
ERROR: The certificate of `url' hasn't got a known issuer.
Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Mordechai Hadad
  • 351
  • 1
  • 2
  • 4

3 Answers3

38

If you are using Debian or Ubuntu, install the ca-certificates package:

$ sudo apt-get install ca-certificates

If you don't care about checking the validity of the certificate, use the --no-check-certificate option:

$ wget --no-check-certificate https://download/url

Note: The second option is not recommended because of the possibility of a man-in-the-middle attack.

Freddy
  • 25,172
  • 1
  • 21
  • 60
Rakib
  • 2,347
  • 1
  • 17
  • 20
5

Per TFM for wget use the 

--no-check-certificate

option.

"Don't check the server certificate against the available certificate authorities. Also don't require the URL host name to match the common name presented by the certificate."

ivanivan
  • 4,870
  • 1
  • 9
  • 20
1

In my case, the root caused turned out to be an incorrect system date, which happened to be out of the certificate validity date range at the time of executing pip. This is related to the SSL library and not pip itself. Thus a simple wget or curl call to the offending URL will duplicate the issue.

Of course, I was also able to work around the issue quickly with --no-check--certificate (or equivalent) for wget and pip.

This might be a common case with working with SBC like RasberryPi/BeagleBone or any other system where a real-time clock (RTC) is not present out of the box. So lesson learned: Use NTP for to keep system time up-to-date whenever possible.

user425058
  • 11
  • 1