I’m getting the following error when trying to add https://community.ubuntu.com/latest.rss to my feed reader:
60 SSL certificate problem: unable to get local issuer certificate
I have other discourse sites in my feed reader which work fine:
I followed these recommendations in the past for such errors but in this case it rather seems like an issue with the site configuration.
I have no problems with curl for the other URLs from a clean artful VM. Using and testing the answer from StackOverflow on my computer running 16.04 gives me the following:
$ wget https://curl.haxx.se/ca/cacert.pem
--2017-10-12 18:15:33-- https://curl.haxx.se/ca/cacert.pem
Resolving curl.haxx.se (curl.haxx.se)... 22.214.171.124, 2a04:4e42:1b::561
Connecting to curl.haxx.se (curl.haxx.se)|126.96.36.199|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 236061 (231K) [application/x-pem-file]
Saving to: 'cacert.pem'
cacert.pem 100%[========================================================>] 230,53K 44,1KB/s in 5,2s
2017-10-12 18:15:45 (44,1 KB/s) - 'cacert.pem' saved [236061/236061]
$ sudo cp cacert.pem /etc/ssl/cacert.pem
$ curl https://community.ubuntu.com/latest.rss --cacert /etc/ssl/cacert.pem
curl: (60) server certificate verification failed. CAfile: /etc/ssl/cacert.pem CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.