Table of Contents
- What Is wget and Why Use It?
- Common Causes of HTTPS Download Errors with wget
- Common HTTPS Download Errors
- Method 1: Ignoring SSL Certificate Checks
- Method 2: Updating CA Certificates
- Method 3: Manually Specifying a Certificate Authority (CA) File
- Method 4: Fixing Proxy Issues
- Method 5: Updating or Reinstalling OpenSSL
- Conclusion
The wget command is one of the most powerful tools in Linux for downloading files from the web. It supports both HTTP and HTTPS protocols, allowing users to download files securely. However, HTTPS downloads can sometimes fail due to certificate issues or misconfigurations.
In this guide, we’ll explore how to troubleshoot and fix HTTPS download errors when using wget.
What Is wget and Why Use It?
wget is a non-interactive command-line tool for downloading files over the web. It can download files via HTTP, HTTPS, and FTP protocols. wget is especially useful because it works in the background, supports recursive downloads, and can resume broken downloads.
While wget works seamlessly with HTTP links, HTTPS downloads can sometimes cause issues due to SSL certificate verification failures or other security-related problems.
Common Causes of HTTPS Download Errors with wget
When using wget with HTTPS URLs, some of the most common reasons for download failures include:
- SSL certificate verification failure: The server’s certificate is not trusted.
- Outdated CA certificates: The client machine’s certificate authority (CA) file is missing or outdated.
- Self-signed certificates: The server is using a self-signed certificate.
- Proxy misconfiguration: A proxy server or firewall is blocking the connection.
- Outdated OpenSSL: wget relies on OpenSSL, and if it’s outdated, issues may occur.
Let’s look at common HTTPS download error messages and how to fix them.
Common HTTPS Download Errors
Some typical errors you might encounter when downloading files via HTTPS using wget include:
SSL Certificate Error:
ERROR: The certificate of 'example.com' is not trusted.
ERROR: The certificate of 'example.com' hasn't got a known issuer.Self-signed Certificate Error:
ERROR: The certificate of 'example.com' is self-signed.Connection Timed Out:
ERROR: Failed to establish a connection.Now, let’s go through how to fix these issues step by step.
Method 1: Ignoring SSL Certificate Checks
Sometimes the certificate verification fails due to a misconfigured server or an expired certificate. In such cases, you can bypass SSL verification with the –no-check-certificate option. However, be cautious when using this method as it disables security checks.
wget --no-check-certificate https://example.com/fileNote: This method is insecure and should only be used as a last resort or for trusted internal connections.
Method 2: Updating CA Certificates
If your system’s CA certificates are outdated or missing, wget may fail to verify the SSL certificate of the server. Updating your CA certificates can resolve this issue.
Update CA Certificates on Debian/Ubuntu:
apt-get install --reinstall ca-certificatesUpdate CA Certificates CentOS/RHEL:
yum reinstall ca-certificatesAfter reinstalling CA certificates, try downloading the file again with wget.
Method 3: Manually Specifying a Certificate Authority (CA) File
If you have a custom or self-signed certificate, you can manually specify the CA file to be used by wget.
wget --ca-certificate=/path/to/ca-cert.pem https://example.com/fileThis tells wget to use the specified CA certificate file to validate the server’s certificate.
Method 4: Fixing Proxy Issues
If your network uses a proxy, misconfigurations can cause wget to fail when downloading via HTTPS. To fix this, you can configure wget to use a proxy server either via the .wgetrc file or directly in the command.
wget --proxy=on --https-proxy=https://proxyserver:port https://example.com/fileAlternatively, edit the .wgetrc file to set proxy options globally:
nano ~/.wgetrcAdd the following lines:
use_proxy=yes
https_proxy=https://proxyserver:portMethod 5: Updating or Reinstalling OpenSSL
wget relies on the OpenSSL library to handle HTTPS connections. An outdated or missing version of OpenSSL can cause HTTPS errors. To fix this, update OpenSSL to the latest version.
Update OpenSSL Debian/Ubuntu:
apt-get install opensslUpdate OpenSSL CentOS/RHEL:
yum install opensslAfter updating OpenSSL, retry the wget command.
Conclusion
In this guide, we have provided clear steps to troubleshoot and fix HTTPS download errors with wget. HTTPS download errors with wget can be frustrating, but they are usually easy to fix once you understand the underlying cause. Hopefully this guide helps you troubleshoot HTTPS downloading errors on dedicated server hosting from Atlantic.Net!
