wget no-check-certificate错误完美解决方案

相信很多朋友使用wget时会遇到这个证书验证错误。这主要是由于openssl与wget不兼容导致的，如openssl或wget升级。网上的解决方案，基本就是添加no-check-certificate这个参数。但如果有大批脚本要改，未免太繁琐了。有没有更好的解决方案？

当然是有的！本文件介绍两种方案，供读者选择。

方案一：下载源码，重新编译安装wget，configure时禁用SSL支持(默认)

./configure --prefix=/usr &&make &&make install

下载源码，重新编译安装wget，configure时开启SSL支持，但默认不验证（相当于指定了no-check-certificate命令参数）。

sed -i "s/opt.check_cert = CHECK_CERT_ON/opt.check_cert = CHECK_CERT_OFF/g" src/init.c

./configure --prefix=/usr --with-ssl=openssl &&make &&make install

对比一下两种解决方案的效果。

采用方案一后，https资源可以正常下载，也不会报告错误或提示。

[dbaas.top@qq.com ~]# wget https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

--2018-10-23 08:51:35--  https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b

Connecting to ftp.gnu.org|208.118.235.20|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 4202290 (4.0M) [application/x-gzip]

Saving to: 'wget-1.19.tar.gz'

wget-1.19.tar.gz 100%[=======================>]   4.01M   174KB/s    in 20s     

2018-10-23 08:51:56 (209 KB/s) - 'wget-1.19.tar.gz' saved [4202290/4202290]

采用方案二后，https资源可以正常下载且SSL功能不受影响，如果要使用该功能，只需添加check-certificate参数即可。

[dbaas.top@qq.com ~]# wget https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

--2018-10-23 09:39:34--  https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b

Connecting to ftp.gnu.org|208.118.235.20|:443... connected.

WARNING: cannot verify ftp.gnu.org's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:

  Unable to locally verify the issuer's authority.

HTTP request sent, awaiting response... 200 OK

Length: 4202290 (4.0M) [application/x-gzip]

Saving to: ‘wget-1.19.tar.gz’

[dbaas.top@qq.com ~]# wget https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

--2018-10-23 09:41:49--  https://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b

Connecting to ftp.gnu.org|208.118.235.20|:443... connected.

ERROR: cannot verify ftp.gnu.org's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:

  Unable to locally verify the issuer's authority.

To connect to ftp.gnu.org insecurely, use `--no-check-certificate'.