On Thu, 23 Jan 2025 02:53:02 +0100 Zoran Davidovac <zoran.davido...@gmail.com> wrote: > Hi to all, > > site galaksija.net is have some chain issues > see ( > https://www.ssllabs.com/ssltest/analyze.html?d=galaksija.net&hideResults=on > ) > and wget does not work, but that should not be problem if we use > --no-check-certificate ? > but that does not work as expected (see bellow) or this is a feature of > Wget 1.25.0? > > > Kind Regards, > > Zoran > > > wget example: > > > bash-5.2$ wget -c -m -np https://galaksija.net/my2cents_video.html > --2025-01-23 02:29:10-- https://galaksija.net/my2cents_video.html > Resolving galaksija.net (galaksija.net)... 185.27.134.219 > Connecting to galaksija.net (galaksija.net)|185.27.134.219|:443... > connected. > ERROR: cannot verify galaksija.net's certificate, issued by > ‘CN=R10,O=Let's Encrypt,C=US’: > Unable to locally verify the issuer's authority. > To connect to galaksija.net insecurely, use `--no-check-certificate'. > bash-5.2$ wget -c -m -np --no-check-certificate > https://galaksija.net/my2cents_video.html -d > DEBUG output created by Wget 1.25.0 on linux-gnu. > > Reading HSTS entries from /home/zdavid/.wget-hsts > URI encoding = ‘UTF-8’ > URI encoding = ‘UTF-8’ > Enqueuing https://galaksija.net/my2cents_video.html at depth 0 > Queue count 1, maxcount 1. > [IRI Enqueuing > ‘https://galaksija.net/my2cents_video.html’ with ‘UTF-8’ Dequeuing > https://galaksija.net/my2cents_video.html at depth 0 > Queue count 0, maxcount 1. > Converted file name 'galaksija.net/my2cents_video.html' (UTF-8) -> > 'galaksija.net/my2cents_video.html' (UTF-8) > --2025-01-23 02:29:15-- https://galaksija.net/my2cents_video.html > Resolving galaksija.net (galaksija.net)... 185.27.134.219 > Caching galaksija.net => 185.27.134.219 > Connecting to galaksija.net (galaksija.net)|185.27.134.219|:443... > connected. > Created socket 3. > Releasing 0x000000002a190620 (new refcount 1). > Initiating SSL handshake. > Handshake successful; connected socket 3 to SSL handle > 0x000000002a191c10 certificate: > subject: CN=galaksija.net > issuer: CN=R10,O=Let's Encrypt,C=US > WARNING: cannot verify galaksija.net's certificate, issued by > ‘CN=R10,O=Let's Encrypt,C=US’: > Unable to locally verify the issuer's authority. >
Hello, You might also try with --no-hsts . I'm getting a completely different problem with Wget 1.21: % wget -c -m -np --no-check-certificate https://galaksija.net/my2cents_video.html --2025-01-23 13:50:21-- https://galaksija.net/my2cents_video.html Resolving galaksija.net (galaksija.net)... 185.27.134.219 Connecting to galaksija.net (galaksija.net)|185.27.134.219|:443... connected. WARNING: The certificate of 'galaksija.net' is not trusted. WARNING: The certificate of 'galaksija.net' doesn't have a known issuer. HTTP request sent, awaiting response... Read error (The TLS connection was non-properly terminated.) in headers. Retrying. --2025-01-23 13:50:23-- (try: 2) https://galaksija.net/my2cents_video.html Connecting to galaksija.net (galaksija.net)|185.27.134.219|:443... connected. WARNING: The certificate of 'galaksija.net' is not trusted. WARNING: The certificate of 'galaksija.net' doesn't have a known issuer. HTTP request sent, awaiting response... Read error (The TLS connection was non-properly terminated.) in headers. Retrying. ... etc ... Trying to investigate from this route, curl 7.74.0 outputs: % curl -O -kD- https://galaksija.net/my2cents_video.html % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (52) Empty reply from server I tried it also with http versions 0.9 1.0 1.1 and 2.0 with the same, failure, responce. Curl also complains of a bad certificate. Using firefox, I see the following returned from the server: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("f9ac82017762ceaec7fc038137e3976b");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://galaksija.net/my2cents_video.html?i=1";;</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html> I then copied firefox's request as a curl commandline and curl still complained about a bad certificate, but firefox had no such objections -- which is quite odd. Firefox also does not have a problem with an empty server response. Considering that wget and curl use differet code bases, I'd like to suggest that the server itself is misconfigured. Now wget's maintainer could look into what is causing these problems, but is it worth it? Like, even if the certificate problem was resolved, there's still the problem of the server not giving automated clients any data. Even if you got the data, as shown above, it's a javascript powered site. In other words, you'll have to hand mirror it with firefox if you want a copy. I tried accessing robots.txt on the site with firefox and got a 404 error. My suggestion would be to speak to the webmaster and ask for a copy of the site if you want one. You're welcome, David
