60 SSL certificate problem: unable to get local issuer certificate
I have other discourse sites in my feed reader which work fine:
://community.endlessos.com/c/en.rss
://forum.lede-project.org/latest.rss
://discourse.tt-rss.org/latest.rss
I followed these recommendations in the past for such errors but in this case it rather seems like an issue with the site configuration.
I have no problems with curl for the other URLs from a clean artful VM. Using and testing the answer from StackOverflow on my computer running 16.04 gives me the following:
$ wget https://curl.haxx.se/ca/cacert.pem
--2017-10-12 18:15:33-- https://curl.haxx.se/ca/cacert.pem
Resolving curl.haxx.se (curl.haxx.se)... 151.101.114.49, 2a04:4e42:1b::561
Connecting to curl.haxx.se (curl.haxx.se)|151.101.114.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 236061 (231K) [application/x-pem-file]
Saving to: 'cacert.pem'
cacert.pem 100%[========================================================>] 230,53K 44,1KB/s in 5,2s
2017-10-12 18:15:45 (44,1 KB/s) - 'cacert.pem' saved [236061/236061]
$ sudo cp cacert.pem /etc/ssl/cacert.pem
$ curl https://community.ubuntu.com/latest.rss --cacert /etc/ssl/cacert.pem
curl: (60) server certificate verification failed. CAfile: /etc/ssl/cacert.pem CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
alan@hal:~$ curl https://community.ubuntu.com/latest.rss | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:discourse="http://www.discourse.org/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>Ubuntu Community Hub - Latest topics</title>
<link>http://community.ubuntu.com/latest</link>
<description>Latest topics</description>
<lastBuildDate>Thu, 12 Oct 2017 16:35:24 +0000</lastBuildDate>
<atom:link href="http://community.ubuntu.com/latest.rss" rel="self" type="application/rss+xml" />
<item>
<title>Mir release 0.28</title>
<dc:creator><![CDATA[@alan_g Alan Griffiths]]></dc:creator>
<category>Mir</category>
<description><![CDATA[
<p><a href="http://community.ubuntu.com/u/alan_g">@alan_g</a> wrote:</p>
<blockquote>
<h1>Mir 0.28</h1>
<p>We are pleased to announce that Mir 0.28 has been released and is available in Ubuntu 17.10 (Artful).</p>
<p>As the content (and even the name) of this release has changed over the time we’ve been working towards it now is probably a good time to reflect on what it is, and what it isn’t after all.</p>
<h2>What is in Mir 0.28?</h2>
<h3>There is now a stable server ABI</h3>
<p>This simplifies the use of “Mir snaps” making it possible to release new library versions without breaking servers.</p>
<p>One of the barriers to the adoption of Mir has been the potential for Mir releases to break downstream projects that depend on a stable ABI. This is provided by libmiral, which is now part of Mir.</p>
<p>The Yunit project which uses Mir as part of its graphics stack has already <a href="https://yunit.io/yunit-project-updates-20170917/" rel="nofollow noopener">started migrating code</a> to use <code>libmir
al</code> for this reason.</p>