
Bug#991853: archive.debian.org: Invalid SSL/TLS certificate, https fails



Package: www.debian.org
Severity: normal

Apologies if this is the wrong pseudo-package; I couldn't find one
for archive.debian.org specifically.

Attempts to download a package from the archive.debian.org site using
https with command line tools fail.  These examples are performed on a
bullseye host:


$ wget https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
--2021-08-03 08:26:17--  https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb
Resolving archive.debian.org (archive.debian.org)... 217.196.149.234, 193.62.202.28, 130.89.148.13, ...
Connecting to archive.debian.org (archive.debian.org)|217.196.149.234|:443... connected.
ERROR: The certificate of ‘archive.debian.org’ is not trusted.
ERROR: The certificate of ‘archive.debian.org’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘archive.debian.org’

$ curl https://archive.debian.org/debian/pool/main/a/apt/apt-transport-https_0.9.7.9+deb7u7_amd64.deb > apt-transport-https_0.9.7.9+deb7u7_amd64.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


If I go to https://archive.debian.org/debian/pool/main/a/apt/ in
Google Chrome, I'm prompted with the standard warning about an
invalid certificate; if I choose to go forward despite that, I get:


Not Found
The requested URL was not found on this server.

Apache Server at archive.debian.org Port 443


Finally, I will note that it would be most helpful if the archive.debian.org
site can be accessed directly by older systems using the apt-transport-https
package.  If this is impossible due to security concerns, then downloading
the packages by hand on a newer system, and then moving them over to the
older systems, would still be better than the current situation, which is
that the packages are completely inaccessible in environments where plain
http is blocked.
