Using Debian Wheeze amd64, same version of wget (1.13.4-3+deb7u1). Just had new SSL keys generated for my hobby site stech.muecke.pw (heartbleed disaster recovery). According to gnutls-cli my certificate is completely valid:
$ gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt [..] - The hostname in the certificate matches 'stech.muecke.pw'. - Peer's certificate is trusted [..] Corresponding wget command still fails: $ wget -4 --ca-certificate /etc/ssl/certs/ca-certificates.crt \ https://stech.muecke.pw -O /dev/null [..] Connecting to stech.muecke.pw (stech.muecke.pw)|xx.xx.xx.xx|:443... connected. GnuTLS: A TLS warning alert has been received. Unable to establish SSL connection. --no-check-certificate does not help. Curl works, as does iceweasel. Wget with --no-check-certificate, using IP address instead of hostname also works (with IP v4 and v6 addresses). Using a locally defined DNS alias "mosquito.pool" with --no-check-certificate also works, but the public DNS alias "mosquito.selfhost.eu" produces the above error. cheers, David -- GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F
pgp5i0FmmIGZJ.pgp
Description: PGP signature