Certificate issue with Comodo

jet1972

When I update software with ./build update, I get an error saying that the certificate for the Comodo plugin is not trusted.


"ERROR: The certificate of 'waf.comodo.com' is not trusted" / "hasn't got a known issuer"

Anyone else having this problem and how to fix it?


Kind regards,
Jan
 
Did some more tests.
I have now also run ./build update_versions after ./build update, and it gave something like this:

"Updating to the latest CWAF client version
current version is up to date
update process finished!

gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now

Installation of ModSecurity Rule Set has been finished."
 
Downloading versions_cwaf.txt...
--2017-07-17 11:28:18-- http://files24.directadmin.com/services/custombuild/versions_cwaf.txt
Resolving files24.directadmin.com (files24.directadmin.com)... 188.116.53.50
Connecting to files24.directadmin.com (files24.directadmin.com)|188.116.53.50|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 159 [text/plain]
Saving to: `/usr/local/directadmin/custombuild/versions_cwaf.txt'

100%[=============================================================================================================================================>] 159 --.-K/s in 0s

2017-07-17 11:28:18 (33.0 MB/s) - `/usr/local/directadmin/custombuild/versions_cwaf.txt' saved [159/159]

Downloading cwaf_rules-1.130.tgz...
--2017-07-17 11:28:19-- https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.130.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.

*** MD5 Checksum for cwaf_rules-1.130.tgz Failed. Redownloading...***

Downloading cwaf_rules-1.130.tgz...
--2017-07-17 11:28:20-- https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.130.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.


*** MD5 Checksum for cwaf_rules-1.130.tgz failed *again*.***
The md5 checksum value may be incorrect, or a wrong file is being downloaded.
Install continuing with this possibly corrupted file. (it may also be fine)
 
Workaround in short:
Add the following in /etc/wgetrc:
check_certificate = off


What I tried to fix it:

- OS update
- rebuild all services
- Update certificates in /etc/ssl/certs
- Add the newest ca-bundle.crt from https://curl.haxx.se
- Add in /etc/wgetrc: ca_directory = /etc/ssl/certs (also tried /usr/share/ca-certificates and also tried a new folder with just the ca-bundle)
- Update wget to version 1.19.1 (warning: uses /usr/etc/wgetrc instead of /etc/wgetrc)

Unfortunately, I couldn't solve the problem for now, so I used a workaround.
Does anyone have a better solution?
 
" Workaround in short:
Add the following in /etc/wgetrc:
check_certificate = off "

Thanks Christophe1!

Yes, this is a temporary fix until someone figures out what exactly is going on that causes the issue.

Kind regards,
Jan
 
Despite the change in /etc/wgetrc (check_certificate = off) that was working for me in the past few months, the problem is back again.

Installing Comodo Rule Set for ModSecurity...
Downloading cwaf_rules-0.tgz...
--2017-11-16 21:20:15-- https://waf.comodo.com/api/da_vendor?file=cwaf_rules-0.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
WARNING: The certificate of `waf.comodo.com' is not trusted.
WARNING: The certificate of `waf.comodo.com' hasn't got a known issuer.
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
Retrying.


Does anyone have a real fix?
For now, I changed from the Comodo ruleset to the OWASP ruleset.

The OWASP rules can be downloaded perfectly without certificate errors.
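
Added example, not written by anyone in this thread and not DirectAdmin or Comodo code: the workaround above puts check_certificate = off in the system-wide wgetrc, so wget stops validating server certificates for every download on the host for as long as the line stays there. This script reports the effective setting of a wgetrc file; the function names wgetrc_cert_check and audit_wgetrc and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find wgetrc files that leave TLS verification switched off.

# Print the effective check_certificate value of one wgetrc file:
# "off", "on" or "unset". wget treats keys as case-, underscore- and
# hyphen-insensitive, and a later line overrides an earlier one.
wgetrc_cert_check() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*#/ { next }                        # comment line
        /^[ \t]*$/ { next }                        # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[-_ \t]/, "", key)               # check-certificate == check_certificate
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)     # trim the value
            if (key != "checkcertificate") next
            if (val == "off" || val == "no" || val == "0") state = "off"
            if (val == "on" || val == "yes" || val == "1") state = "on"
        }
        END { print state }
    ' "$1"
}

# Report every readable file given; return 1 if any of them disables checks.
audit_wgetrc() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        state=$(wgetrc_cert_check "$f")
        printf '%s: check_certificate is %s\n' "$f" "$state"
        if [ "$state" = "off" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample: the thread's workaround appended after an earlier "on".
sample=$(mktemp)
printf '%s\n' '# stock settings' 'check_certificate = on' \
    'ca_directory = /etc/ssl/certs' 'Check-Certificate=off' > "$sample"
audit_wgetrc "$sample" || echo "certificate validation is disabled for all wget runs"
rm -f "$sample"

# On a real host, pass the two locations named in the thread:
# audit_wgetrc /etc/wgetrc /usr/etc/wgetrc
```
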
 