While trying to help someone on ROS Answers with something related to downloading from
packages.ros.org, I ran into certificate issues trying to use
wget. The following is returned by
wget when I ask it to download a
user@machine:/tmp$ wget -4 https://packages.ros.org/ros2/ubuntu/pool/main/p/python3-rospkg-modules/python3-rospkg-modules_1.2.8-1_all.deb --2020-06-24 20:46:31-- https://packages.ros.org/ros2/ubuntu/pool/main/p/python3-rospkg-modules/python3-rospkg-modules_1.2.8-1_all.deb Resolving packages.ros.org (packages.ros.org)... 184.108.40.206, 220.127.116.11, 18.104.22.168 Connecting to packages.ros.org (packages.ros.org)|22.214.171.124|:443... connected. ERROR: no certificate subject alternative name matches requested host name ‘packages.ros.org’. To connect to packages.ros.org insecurely, use `--no-check-certificate'.
I’ve explicitly asked
wget to use IPv4 here, as I first thought the issue was with it trying to resolve IPv6 hostnames and not using the correct certificate.
sslabs.com gives a similar warning (here): Certificate name mismatch.
I’ve checked to make sure the machine I’m testing this on is not missing any updates to
ca-certificates and related packages. Other machines give me the same result.
Browsers also complain about the hostname mismatch.
Edit: I know
https is not commonly used to download packages, and obviously
http:// doesn’t have these problems.