Fixing wget certificates

Basically, I was testing different versions of OpenSSL, and somewhere in the process broke wget's path to certificates.

wget https://www.google.com 

Results now in:

ERROR: cannot verify www.google.com's certificate, issued by 'CN=Google Internet Authority G2,O=Google Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to www.google.com insecurely, use `--no-check-certificate'.

Which makes me think that wget doesn't know where to look for certificates, as ca-certificates is installed and if I set export SSL_CERT_DIR=/etc/ssl/certs everything works until reboot.

How can I permanently fix this? I want to revert to the original state, where wget automatically knows where to check certificates.

I can probably set this export on boot, but what it the right place, where it originally was?

Edit:

On another server, I've checked and there is no SSL_CERT_DIR variable in the environment, yet wget works correctly. How does wget knows where to look for certificates?


Usually, the distribution will specify this in the global wgetrc file. For example, Arch Linux has this in /etc/wgetrc:

ca_certificate=/etc/ssl/certs/ca-certificates.crt

So, just find where your certificates live, and pass it to wgetrc.


It is set at ./configure time by the --openssldir option. wget will look for certificates in that directory.

You can find more on that here: https://unix.stackexchange.com/a/200058/39382