<div dir="ltr">Reinhard,<div><br></div><div>I see the same problem with getnonfreefonts on my MacBook Pro</div><div><br></div><div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">athena:Desktop tjk$ sudo getnonfreefonts --sys</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">--2021-11-06 18:02:32--<span class="gmail-Apple-converted-space">  </span><a href="https://www.tug.org/~kotucha/getnonfreefonts/getfont.pl">https://www.tug.org/~kotucha/getnonfreefonts/getfont.pl</a></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Resolving <a href="http://www.tug.org">www.tug.org</a> (<a href="http://www.tug.org">www.tug.org</a>)... 94.23.251.76</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Connecting to <a href="http://www.tug.org">www.tug.org</a> (<a href="http://www.tug.org">www.tug.org</a>)|94.23.251.76|:443... connected.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ERROR: cannot verify <a href="http://www.tug.org">www.tug.org</a>'s certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">  </span>Issued certificate has expired.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">To connect to <a href="http://www.tug.org">www.tug.org</a> insecurely, use `--no-check-certificate'.</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">! Error: Can't execute wget.</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">I did some research and found this</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><a href="https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/">https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/</a><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">So I _suspect_ the version of wget in use uses an older version of OpenSSL.</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">Perhaps wget might be using GnuTLS, but I am not sure of the Let's Encrypt</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">certificates will have a problem with GnuTLS.</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">In the meantime, I am going to build the most current wget with the most</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">current OpenSSL 1.1.1 and see how I fare.</p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">Tom</p></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Nov 6, 2021 at 5:50 PM Reinhard Kotucha <<a href="mailto:reinhard.kotucha@web.de">reinhard.kotucha@web.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
David (who is in the CC) reported a problem with getnonfreefonts:<br>
<br>
 | Resolving www.tug.org... 94.23.251.76<br>
 | Connecting to <a href="http://www.tug.org" rel="noreferrer" target="_blank">www.tug.org</a>|94.23.251.76|:443... connected.<br>
 | ERROR: The certificate of '<a href="http://www.tug.org" rel="noreferrer" target="_blank">www.tug.org</a>' is not trusted.<br>
 | ERROR: The certificate of '<a href="http://www.tug.org" rel="noreferrer" target="_blank">www.tug.org</a>' has expired.<br>
 | ! Error: Can't execute wget.<br>
<br>
I can't reproduce the problem and when I examine the certificates<br>
within Firefox I see that they're all up-to-date.<br>
<br>
Can anybody explain how this can happen and how the problem can be<br>
solved?<br>
<br>
Regards,<br>
  Reinhard<br>
<br>
--<br>
------------------------------------------------------------------<br>
Reinhard Kotucha                            Phone: +49-511-3373112<br>
Marschnerstr. 25<br>
D-30167 Hannover                    mailto:<a href="mailto:reinhard.kotucha@web.de" target="_blank">reinhard.kotucha@web.de</a><br>
------------------------------------------------------------------<br>
<br>
</blockquote></div>