I was recently running some checks on a site using the
GET command (provided by the
libwww-perl package in Ubuntu) in Bash and got the following message:
[chris@work ~]$ GET https://example.com/ Can't connect to example.com:443 (certificate verify failed) LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51. [chris@work ~]$
The problem is that while the site has an SSL certificate, it’s not valid for the site and fails verification. If I were in a browser, the browser would ask me if I wished to make an exception and connect anyway. The
GET command will fail instead.
There is a way to fix that however. Setting the
PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to
0 bypasses the certificate verification and allows the request to continue. For example:
[chris@work ~]$ PERL_LWP_SSL_VERIFY_HOSTNAME=0 GET https://example.com/ <!doctype html> <html> <head> <title>Example Domain</title> <meta charset="utf-8" /> ...