Certificate error
Symptoms
Multiple symptoms may be observed related to this certificate issue, all related to validation of Let's Encrypt certificate.
The most common is trying to update OPKG feeds from our download server but theoretically all software downloading file with SSL from Let's Encrypt signed website. This is also valid for our LORIX Remote Upgrade tool for example.
OPKG error
Downloading https://download.wifx.net/lorix-os/1.3.3/feeds/all/Packages.gz. Downloading https://download.wifx.net/lorix-os/1.3.3/feeds/cortexa5t2hf-neon-vfpv4/Packages.gz. Downloading https://download.wifx.net/lorix-os/1.3.3/feeds/lorix_one_512/Packages.gz. Collected errors: * opkg_download_backend: Failed to download https://download.wifx.net/lorix-os/1.3.3/feeds/all/Packages.gz, wget returned 5. * opkg_download_backend: Failed to download https://download.wifx.net/lorix-os/1.3.3/feeds/cortexa5t2hf-neon-vfpv4/Packages.gz, wget returned 5. * opkg_download_backend: Failed to download https://download.wifx.net/lorix-os/1.3.3/feeds/lorix_one_512/Packages.gz, wget returned 5.
wget error
--2021-10-14 08:30:16-- https://download.wifx.net/lorix-os/1.3.3/feeds/lorix_one_512/Packages.gz Resolving download.wifx.net... 185.43.244.57 Connecting to download.wifx.net|185.43.244.57|:443... connected. ERROR: The certificate of 'download.wifx.net' is not trusted. ERROR: The certificate of 'download.wifx.net' has expired.
Description
Multiple programs return a certificate error when connecting to a server providing a Let's Encrypt certificate.
Since the revocation of the DST Root CA X3 that was used by Let's Encrypt, they did a trick to ensure operation of old Android devices. Sadly, this trick is not compatible with some programs that use an older version of OpenSSL.
Details: https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3.
Resolution
Remove the expired DST Root CA X3 certificate from the CA store: