Re: Buster wget: The certificate of 'lists.debian.org' is not trusted

["Thomas Schmitt" <scdbackup@gmx.net>]

Hi,

i wrote:
> > The number of 126 certificates would match /etc/ssl/certs.

tomas@tuxteam.de wrote:
> ...but mine loads... 127 certs :-/
> [...]
>   -rw-r--r-- 1 root root 2772 Jan 28  2021 ACCVRAIZ1.crt
>   -rw-r--r-- 1 root root 1972 Jan 28  2021 AC_RAIZ_FNMT-RCM.crt

Hm. The system is one year old. Time for
  apt-get update
  apt-get dist-upgrade

Afterwards i have success with
  wget https://lists.debian.org/debian-user/
It reports
  Certificates loaded: 137

Indeed
  ls -t /etc/ssl/certs
lists a few new certificate files:

  VeriSign_Universal_Root_Certification_Authority.pem
  VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
  VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
  thawte_Primary_Root_CA_-_G3.pem
  thawte_Primary_Root_CA_-_G2.pem
  thawte_Primary_Root_CA.pem
  GeoTrust_Primary_Certification_Authority_-_G3.pem
  GeoTrust_Universal_CA.pem
  GeoTrust_Primary_Certification_Authority_-_G2.pem
  GeoTrust_Global_CA.pem
  GeoTrust_Primary_Certification_Authority.pem

I will try whether they and their link targets repair wget on Debian 8 too.

(My current theory is that iceweasel and firefox already had the
decisive certificates but they were missing in /etc/ssl/certs or
in  where wget looks them up.)


Have a nice day :)

Thomas