[chirp_users] chirp download problem
I have a script which I use to keep fldigi updated. It works by making a temporary copy the download page URL, using grep to extract the name of the latest tar.gz file, and then downloading and installing that file.
However, wget now fails ... complaining about an expired certificate (see output below). Can an updated certificate be installed on the web server?
Thanks, Steve
- - - - -
$ wget -nc https://trac.chirp.danplanet.com/chirp_daily/LATEST --2017-12-26 10:32:43-- https://trac.chirp.danplanet.com/chirp_daily/LATEST Resolving trac.chirp.danplanet.com (trac.chirp.danplanet.com)... 50.116.5.251 Connecting to trac.chirp.danplanet.com (trac.chirp.danplanet.com)|50.116.5.251|:443... connected. ERROR: The certificate of ‘trac.chirp.danplanet.com’ is not trusted. ERROR: The certificate of ‘trac.chirp.danplanet.com’ hasn't got a known issuer.
- - - - -
On Tue, Dec 26, 2017 at 11:00 AM, CN85rq chirp-info@aberle.net wrote:
I have a script which I use to keep fldigi updated. It works by making a temporary copy the download page URL, using grep to extract the name of the latest tar.gz file, and then downloading and installing that file.
However, wget now fails ... complaining about an expired certificate (see output below). Can an updated certificate be installed on the web server?
Looks like it's using a free cert from "Let's Encrypt", and may not be setup quite right (it doesn't appear to be supplying the intermediate CA cert). If you're not worried about security (e.g. someone trying to pretend to be danplanet.com and offer you a trojan horse), you could add "--no-check-certificate" to your wget command to work around this...
73,
~iain / N6ML
On Tue, Dec 26, 2017 at 12:26 PM, iain macdonnell - N6ML ar@dseven.org wrote:
On Tue, Dec 26, 2017 at 11:00 AM, CN85rq chirp-info@aberle.net wrote:
I have a script which I use to keep fldigi updated. It works by making a temporary copy the download page URL, using grep to extract the name of the latest tar.gz file, and then downloading and installing that file.
However, wget now fails ... complaining about an expired certificate (see output below). Can an updated certificate be installed on the web server?
Looks like it's using a free cert from "Let's Encrypt", and may not be setup quite right (it doesn't appear to be supplying the intermediate CA cert). If you're not worried about security (e.g. someone trying to pretend to be danplanet.com and offer you a trojan horse), you could add "--no-check-certificate" to your wget command to work around this...
Actually, better workaround, without the security concern would be:
# do this once, and store it somewhere wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
# then... wget --ca-certificate=letsencryptauthorityx3.pem.txt -nc https://trac.chirp.danplanet.com/chirp_daily/LATEST
73,
~iain / N6ML
Both workarounds tested out okay and my script is working again.
Thanks!
Jim Unroe wrote on 12/26/2017 01:15 PM:
Here is an option that worked for me.
wget --no-check-certificate
https://trac.chirp.danplanet.com/chirp_daily/LATEST/chirp-daily-20171204-win...
Jim KC9HI
iain macdonnell - N6ML wrote on 12/26/2017 01:02 PM:
Actually, better workaround, without the security concern would be:
# do this once, and store it somewhere wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
# then... wget --ca-certificate=letsencryptauthorityx3.pem.txt -nc https://trac.chirp.danplanet.com/chirp_daily/LATEST
73,
~iain / N6ML
iain macdonnell - N6ML wrote on 12/26/2017 12:26 PM:
Looks like it's using a free cert from "Let's Encrypt", and may not be setup quite right (it doesn't appear to be supplying the intermediate CA cert). If you're not worried about security (e.g. someone trying to pretend to be danplanet.com and offer you a trojan horse), you could add "--no-check-certificate" to your wget command to work around this...
73,
~iain / N6ML
On Tue, Dec 26, 2017 at 2:00 PM, CN85rq chirp-info@aberle.net wrote:
I have a script which I use to keep fldigi updated. It works by making a temporary copy the download page URL, using grep to extract the name of the latest tar.gz file, and then downloading and installing that file.
However, wget now fails ... complaining about an expired certificate (see output below). Can an updated certificate be installed on the web server?
Thanks, Steve
Here is an option that worked for me.
wget --no-check-certificate https://trac.chirp.danplanet.com/chirp_daily/LATEST/chirp-daily-20171204-win...
Jim KC9HI
participants (3)
-
CN85rq -
iain macdonnell - N6ML -
Jim Unroe