Yeah - it's the intermediate certificate. DIgicert's tool even says what's
wrong with it - SSL works on a "chain of trust" - so, most distributions
trust the "root" certificates - then they issue "intermediate" certificates
and then sign customer's certificates with that. This requires customers to
publish both the server & intermediate certificate(s) to allow the client
to "chain" back to the root certificate that it trusts.
If it helps anyone - I've modified my weewx install to use http temporarily
... I added this in weewx/restx.py around line 597
use_http_to_post = to_bool(_ambient_dict.pop('use_http', False))
if use_http_to_post:
StdWunderground.pws_url =
re.sub("https","http",StdWunderground.pws_url)
StdWunderground.rf_url =
re.sub("https","http",StdWunderground.rf_url)
Then a new config flag in weewx.conf `use_http` will let you toggle on/off
Brice Ruth, FCD
Software Engineer, Madison WI
On Fri, Jan 31, 2020 at 10:39 AM Denny Page <[email protected]> wrote:
> For those of you still experiencing an issue, I posted this on the
> Wunderground apicommunity thread:
>
>
>
> So, the certificate isn't verifiable due to authority trust. Easily
> identifiable with wget or curl. It would appear that the certificate
> authority ("DigiCert SHA2 Secure Server CA") is not trusted with at least
> some of the Linux distributions. It is trusted in current MacOs.
>
> -----
>
> denny ~ $ wget
> https://rtupdate.wunderground.com/weatherstation/updateweatherstation.php
> --2020-01-31 08:28:41--
> https://rtupdate.wunderground.com/weatherstation/updateweatherstation.php
> Resolving rtupdate.wunderground.com... 169.60.133.170, 169.47.111.58,
> 52.116.188.166
> Connecting to rtupdate.wunderground.com|169.60.133.170|:443... connected.
> ERROR: cannot verify rtupdate.wunderground.com's certificate, issued by
> 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US':
> Unable to locally verify the issuer's authority.
> To connect to rtupdate.wunderground.com insecurely, use
> `--no-check-certificate'.
> denny ~ $ curl
> https://rtupdate.wunderground.com/weatherstation/updateweatherstation.php
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> denny ~ $
>
> --
> You received this message because you are subscribed to the Google Groups
> "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/weewx-user/6f2decf9-4c1a-48f6-8a88-6eac8f15c62e%40googlegroups.com
> <https://groups.google.com/d/msgid/weewx-user/6f2decf9-4c1a-48f6-8a88-6eac8f15c62e%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/weewx-user/CAFbExW6Z859c9V28ugBoO8n5jth2PqUea9rBT0VoDW5VbV1R0g%40mail.gmail.com.
