Ubuntu 14.04 works better. Under similar conditions, AAAA record is ignored and wget downloads certificate from correct server:
$ wget -d https://www.digicert.com/CACerts/DigiCertSHA2ExtendedValidationServerCA.crt DEBUG output created by Wget 1.15 on linux-gnu. URI encoding = ‘UTF-8’ --2014-04-24 13:54:34-- https://www.digicert.com/CACerts/DigiCertSHA2ExtendedValidationServerCA.crt Resolving www.digicert.com (www.digicert.com)... 64.78.193.234 Caching www.digicert.com => 64.78.193.234 Connecting to www.digicert.com (www.digicert.com)|64.78.193.234|:443... connected. Created socket 3. Releasing 0x00000000006ff3f0 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x00000000006ff670 certificate: subject: /businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Utah/serialNumber=5299537-0142/street=Suite 500/street=2600 West Executive Parkway/postalCode=84043/C=US/ST=Utah/L=Lehi/O=DigiCert, Inc./CN=www.digicert.com issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA X509 certificate successfully verified and matches host www.digicert.com ---request begin--- GET /CACerts/DigiCertSHA2ExtendedValidationServerCA.crt HTTP/1.1 User-Agent: Wget/1.15 (linux-gnu) Accept: */* Host: www.digicert.com Connection: Keep-Alive ... $ host -a www.digicert.com Trying "www.digicert.com" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14219 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.digicert.com. IN ANY ;; ANSWER SECTION: www.digicert.com. 299 IN A 64.78.193.234 www.digicert.com. 0 IN AAAA ::ffff:67.215.65.132 Received 78 bytes from 127.0.1.1#53 in 27 ms $ host -t A www.digicert.com www.digicert.com has address 64.78.193.234 $ host -t AAAA www.digicert.com www.digicert.com has no AAAA record -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312127 Title: wget tries to get certificate from wrong server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1312127/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs