FreshRSS: SSL certificate problem

Created on 13 Dec 2017 · 7 Comments · Source: FreshRSS/FreshRSS

Hi,
I can't add a feed:
cURL error 60: SSL certificate problem: unable to get local issuer certificate [https://www.lagedefaire-lejournal.fr/feed/]

Thx.

All 7 comments

Seems to be a GeoTrust certificate - wasn't that one of the problematic subcompanies of Symantec? I guess that's a problem only the site owner can fix:

wget https://www.lagedefaire-lejournal.fr/feed/
--2017-12-13 18:48:48--  https://www.lagedefaire-lejournal.fr/feed/
Resolving www.lagedefaire-lejournal.fr (www.lagedefaire-lejournal.fr)... 137.74.93.217
Connecting to www.lagedefaire-lejournal.fr (www.lagedefaire-lejournal.fr)|137.74.93.217|:443... connected.
ERROR: cannot verify www.lagedefaire-lejournal.fr's certificate, issued by '/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA':
  Unable to locally verify the issuer's authority.

But let's see if someone has a better idea

P.S.: You can also manually add the missing root certificate to your server

> P.S.: You can also manually add the missing root certificate to your server

How? It's a shared server.

> How? It's a shared server.

Then you cannot :-)

They have at least a couple of SSL problems: https://www.ssllabs.com/ssltest/analyze.html?d=www.lagedefaire-lejournal.fr

I have not looked in detail, but it looks like their certificate chain is incomplete, or using a certificate that is not currently standard in e.g. Ubuntu LTS.

curl --insecure -v -I 'https://www.lagedefaire-lejournal.fr/feed/'
*   Trying 137.74.93.217...
* TCP_NODELAY set
* Connected to www.lagedefaire-lejournal.fr (137.74.93.217) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=lagedefaire-lejournal.fr
*  start date: Jan 29 00:00:00 2017 GMT
*  expire date: Jan 29 23:59:59 2018 GMT
*  issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD /feed/ HTTP/1.1
> Host: www.lagedefaire-lejournal.fr
> User-Agent: curl/7.55.1
> Accept: */*
>

If you cannot wait for them to fix the issue, your only options are to weaken FreshRSS globally by disabling SSL check (see above), or to use a weak RSS bridge.
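The verification failure in the wget and curl output above (error 20, "unable to get local issuer certificate") can be reproduced offline. The script below is an added example, not part of the original thread or of FreshRSS: it builds a constructed root, intermediate and leaf with the `openssl` CLI (all names are constructed; OpenSSL 1.1.1 or later is assumed) and verifies the leaf with and without the intermediate.

```shell
#!/bin/sh
# Constructed demo: all keys, names and certificates are generated locally.
set -e

build_chain() (   # $1 = empty working directory
  cd "$1"
  # Minimal config so the run does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = placeholder' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > ca.cnf
  csr() {         # $1 = file stem, $2 = subject CN
    openssl req -new -config ca.cnf -subj "/CN=$2" -newkey rsa:2048 -nodes \
      -keyout "$1.key" -out "$1.csr" 2>/dev/null
  }
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -config ca.cnf -extensions v3_ca -subj "/CN=Demo Root CA" \
    -newkey rsa:2048 -nodes -keyout root.key -out root.crt -days 2 2>/dev/null
  # Intermediate CA, signed by the root.
  csr int "Demo Intermediate CA"
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile ca.cnf -extensions v3_ca -out int.crt -days 2 2>/dev/null
  # Leaf (server) certificate, signed by the intermediate.
  csr leaf "feed.example.test"
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -out leaf.crt -days 2 2>/dev/null
)

verify_leaf() (   # $1 = directory, remaining args = extra `openssl verify` options
  cd "$1"; shift
  # "|| true": a failed verification is the result we want to show, not an abort.
  openssl verify -CAfile root.crt "$@" leaf.crt 2>&1 || true
)

dir=$(mktemp -d)
build_chain "$dir"
echo "--- server sends the leaf only (incomplete chain):"
verify_leaf "$dir"
echo "--- server also sends the intermediate:"
verify_leaf "$dir" -untrusted int.crt
rm -rf "$dir"
```

The `-untrusted int.crt` run models a server that sends its intermediate along with the leaf; the chain then builds to the trusted root with verification still enabled.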

Think :-)

How about making this a configuration option for each feed ?

like on this mockup:

image
