How to use/debug Debian preseed with SSL using Startssl Certs

preseeding work perfect for me using:

auto url=http://mydomain.com/preseed.cfg

but as soon as i use a https connection, it doesn't work any more.

auto url=https://mydomain.com/preseed.cfg

with wget i can download the preseed file without a problem, with lynx i get an

"SSL-Error:no issuer was found"

so it looks like a cert problem, i use startssl.com to generate my free certs, nginx acts as ssl webserver (no problem accessing the https site with firefox).

how to debug this? how to force to get the file over the ssl connection?


The problem is that the wget from busybox is not compiled to support SSL. And there are no Certificate Authorities stored in d-i (so it really can't validate the server certificate).

The solution would be to add real wget into the initrd and add a trusted Certificate Authority.


@alekibango and @bahamat are correct, wget from busybox is not compiled to support SSL. But as of 2014, you can enable the --no-check-certificate parameter via the boot parameter:

debian-installer/allow_unauthenticated_ssl=true

I had to do this for Ubuntu 16.04 Xenial.

I found this information at: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/833994#yui_3_10_3_1_1504942623880_1343