Certificates issue on official site

Currently wget and docker can’t download packages from official site:

wget https://foundationdb-origin.apple.com/downloads/6.2.20/ubuntu/installers/foundationdb-clients_6.2.20-1_amd64.deb
--2021-04-27 11:01:20--  https://foundationdb-origin.apple.com/downloads/6.2.20/ubuntu/installers/foundationdb-clients_6.2.20-1_amd64.deb
Resolving foundationdb-origin.apple.com (foundationdb-origin.apple.com)...
Connecting to foundationdb-origin.apple.com (foundationdb-origin.apple.com)||:443... connected.
ERROR: cannot verify foundationdb-origin.apple.com's certificate, issued by ‘C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1’:
  Self-signed certificate encountered.
To connect to foundationdb-origin.apple.com insecurely, use `--no-check-certificate'.

The same certificate (Apple IST CA 2 - G1) is accepted on my machine by Firefox and WSL2 running an Ubuntu host. Maybe this CA is not present in the default trusted CA roots of your specific linux host ?

Kind of, I have old ubuntu 18.04 machines and everything works fine there, but just a new fresh one throws an error on the host and in the docker. I tested on two clean installs and this certificate seems to be “kind of” revoked.

Can you try downloading the packages from foundationdb.org rather than foundationdb-origin.apple.com?

I’ve resolved a similar problem. Installing ca-certificates may resolve the error.

1 Like

Works for me! Thanks!!

Well, actually no. And using foundationdb.org for downloading not working either. Ubutnu 18.04.

Well, it seems that the certificate for https://foundationdb.org has expired on May 10th 2021


But once you accept this certificate, then it 302 redirects to https://www.foundationdb.org/ which has a valid certificate (until April 2022).

1 Like

I’m getting the same expired certificate when following links to download (Error code: SEC_ERROR_EXPIRED_CERTIFICATE) => https://foundationdb-origin.apple.com/download/download-6.2.30/

The expired certificate has subject name foundationdb-origin.apple.com and serial number 5F:32:38:A8:92:68:20:89:E6:56:CD:91:3D:DA:F0:7B

Now it is down altogether

You may have to add the www subdomain.