Edit: As for getting it to work with units, I am not able to see which library it is using for connecting to ssl hosts. In any case, it probably relies on the distro for the cert store. Try opening a bug report on the Arch Linux bugtracker.
In any case, after playing around a bit with https://rss.timegenie.com, I got it to work by exporting the "DST Root CA X3" and "Let’s Encrypt Authority X1" certificates using Firefox and concatenating them into a single file. Finally, pass the file to curl using --cacert.
Something like
curl --cacert ./timegenie.crt https://rss.timegenie.com/forex.xml -I
Edit: For wget, use
wget --ca-certificate=./timegenie.crt https://rss.timegenie.com/forex.xml
Also, I followed the links, and it may be related to this bug, which was fixed in the last week. But I'm not sure what that even fixes, and if it's something running on the original server. (Nor why the certificate works fine in Firefox and Chromium.)
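An added example, not part of the original posts: a local reproduction of why the concatenated root-plus-intermediate file lets verification succeed, using a throwaway three-level chain built with the openssl CLI. The "Lab" names and file names are constructed stand-ins, and the script assumes openssl is installed.

```sh
#!/bin/sh
# Constructed lab, nothing is fetched: a throwaway root CA, intermediate CA and
# leaf certificate standing in for a root -> intermediate -> server chain.
# Every name and file below is hypothetical.

make_lab() {   # usage: make_lab DIR
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        '[dn]' 'CN=unused' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/lab.cnf"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" \
            -subj "/CN=Lab $n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    # Self-signed root; the root signs the intermediate; the intermediate signs the leaf.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/lab.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/lab.cnf" -extensions ca \
        -out "$d/inter.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Prints "ok" if CERT verifies using only the certificates in CAFILE, else "fail".
check_chain() {   # usage: check_chain CAFILE CERT
    if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
make_lab "$lab" || { echo "openssl could not build the lab chain" >&2; exit 1; }
# Same step as in the post: concatenate root and intermediate into one file.
cat "$lab/root.crt" "$lab/inter.crt" > "$lab/bundle.crt"

echo "root only         : $(check_chain "$lab/root.crt" "$lab/leaf.crt")"
echo "intermediate only : $(check_chain "$lab/inter.crt" "$lab/leaf.crt")"
echo "root+intermediate : $(check_chain "$lab/bundle.crt" "$lab/leaf.crt")"
```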
$ sudo /usr/bin/units_cur
Error connecting to currency server. <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>
I checked the source, and it's attempting to connect to `https://rss.timegenie.com/forex.xml`. The certificate is fine in Firefox and Chromium, and has been verified by "Let's Encrypt". I tried to directly download the page using the command line and got the following error.
$ wget https://rss.timegenie.com/forex.xml
--2016-04-03 15:53:59-- https://rss.timegenie.com/forex.xml
Resolving rss.timegenie.com (rss.timegenie.com)... 178.63.47.14
Connecting to rss.timegenie.com (rss.timegenie.com)|178.63.47.14|:443... connected.
ERROR: cannot verify rss.timegenie.com's certificate, issued by ‘CN=Let's Encrypt Authority X1,O=Let's Encrypt,C=US’:
Unable to locally verify the issuer's authority.
To connect to rss.timegenie.com insecurely, use `--no-check-certificate'.
Is this a missing certificate in Arch Linux?