On Thu, 8 Jul 2021 at 06:13, Christopher Hawker <email at chrishawker.com.au> wrote:
>
> If it doesn’t have a known issuer, it is more than likely a self-signed cert.
>

I put the site on an SSL checker and it seems that the certificates being offered are in the 'wrong order'. Using openssl

CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 2 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 3 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 4 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 5 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 6 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
subject=OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 10479 bytes and written 439 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
=====

So I think that is why it works in a browser. wget worked on my hosts also .. so I am guessing that something on the original poster's system is blocking.

> Regards,
> Christopher Hawker
>
> Sent from my iPhone
>
> On 8 Jul 2021, at 8:12 pm, Jim Archon <jimarchon72 at gmail.com> wrote:
>
> Hello,
>
> https://mirror.lstn.net/ is returning HTTPS certificate errors with wget. Are you getting the same errors with wget from this mirror? There seem to be no errors with wget with the other HTTPS mirrors.
>
> Interestingly, Google Chrome is not showing any Certificate errors on https://mirror.lstn.net/.
>
> wget https://mirror.lstn.net/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-boot.iso
> --2021-07-08 09:35:51-- https://mirror.lstn.net/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-boot.iso
> Resolving mirror.lstn.net (mirror.lstn.net)... 2607:ff68:1:4c::100, 64.31.0.51
> Connecting to mirror.lstn.net (mirror.lstn.net)|2607:ff68:1:4c::100|:443... connected.
> ERROR: The certificate of ‘mirror.lstn.net’ is not trusted.
> ERROR: The certificate of ‘mirror.lstn.net’ doesn't have a known issuer.
> ERROR: The certificate of ‘mirror.lstn.net’ has expired.
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
>
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror

--
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law.
All those moments will be lost in time... like posts on BBS... time to reboot.
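
The 'wrong order' observation in the message above can be checked mechanically, since in a well-ordered chain each certificate is issued by the one sent after it. The following is an added example, not part of the original message: the function names are hypothetical, and the sample is the chain listing above with each DN abbreviated to its CN.

```python
import re

# Chain in the order listed in the s_client output above; DNs are abbreviated
# to their CN for this example (the abbreviation is ours, the order is the page's).
SAMPLE = """\
Certificate chain
 0 s:CN = limestonenetworks.com
   i:CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:CN = AddTrust External CA Root
   i:CN = AddTrust External CA Root
 2 s:CN = Sectigo RSA Domain Validation Secure Server CA
   i:CN = USERTrust RSA Certification Authority
 3 s:CN = USERTrust RSA Certification Authority
   i:CN = AddTrust External CA Root
 4 s:CN = AddTrust External CA Root
   i:CN = AddTrust External CA Root
 5 s:CN = Sectigo RSA Domain Validation Secure Server CA
   i:CN = USERTrust RSA Certification Authority
 6 s:CN = USERTrust RSA Certification Authority
   i:CN = AddTrust External CA Root
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    subjects = re.findall(r"^\s*\d+\s+s:(.+?)\s*$", text, re.M)
    issuers = re.findall(r"^\s+i:(.+?)\s*$", text, re.M)
    return list(zip(subjects, issuers))

def audit_chain(chain):
    """List ordering problems: each cert should be issued by the next one sent."""
    findings, seen = [], set()
    for n, (subj, iss) in enumerate(chain):
        if (subj, iss) in seen:
            findings.append((n, "duplicate"))
        seen.add((subj, iss))
        last = n == len(chain) - 1
        if subj == iss and not last:
            findings.append((n, "self-signed before end of chain"))
        elif not last and chain[n + 1][0] != iss:
            findings.append((n, "next certificate is not the issuer"))
    return findings

if __name__ == "__main__":
    for n, problem in audit_chain(parse_chain(SAMPLE)):
        print(f"cert {n}: {problem}")
```

The same functions accept the unabbreviated `s:`/`i:` lines from `openssl s_client -showcerts`, because they only compare the subject and issuer strings for equality.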