Cannot download with Curl and Wget in AWS EC2 Linux server

Question

I am using the EC2 server with Putty.

I want to download the latest sonar-scanner to the EC2 server.

I tried to access the download-URL using both Wget & Curl but they kept failing with the same messages.

This is the server system I use: Red Hat Enterprise Linux Server 7.8 (Maipo)

WGET

GNU Wget 1.14 built on linux-gnu.

[root@ip-10-X-X-X ~]# wget -v https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
--2022-06-09 09:56:55--  https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
Resolving binaries.sonarsource.com (binaries.sonarsource.com)... 99.84.191.23, 99.84.191.71, 99.84.191.75, ...
Connecting to binaries.sonarsource.com (binaries.sonarsource.com)|99.84.191.23|:443... connected.
Unable to establish SSL connection.

CURL

curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

[root@ip-10-X-X-X ~]# curl -O -v https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to binaries.sonarsource.com port 443 (#0)
*   Trying 99.84.208.28...
* Connected to binaries.sonarsource.com (99.84.208.28) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:00:29 --:--:--     0* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
  0     0    0     0    0     0      0      0 --:--:--  0:00:30 --:--:--     0
* Closing connection 0
curl: (35) Encountered end of file

I'm new with using this EC2 server. Do you know what could I do to solve this?

Thank you, any help would be really appreciated!

UPDATE:

I added -k and --no-check-certificate to respectively curl & wget, but still returning the same error messages
I tried to check the wget connection, but it doesn't seem to work for URLs with download end-point:

[root@ip-10-70-10-87 settings]# wget -q --spider https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
[root@ip-10-70-10-87 settings]# echo $?
4
[root@ip-10-70-10-87 settings]# wget -q --spider https://www.google.com/
[root@ip-10-70-10-87 settings]# echo $?
0
[root@ip-10-70-10-87 settings]# wget -q --spider https://dlcdn.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz
[root@ip-10-70-10-87 settings]# echo $?
4
[root@ip-10-70-10-87 settings]# wget -q --spider https://assets.ctfassets.net/br4ichkdqihc/6jNPyoUDznu06Mk4dr9CEn/560e34fec221fad43a501442a551ad92/SimpliSafe_Outdoor_Battery_Camera_Open_Source_Disclosures_Launch.DOCX
[root@ip-10-70-10-87 settings]# echo $?
4
[root@ip-10-70-10-87 settings]# wget -q --spider https://twitter.com/home
[root@ip-10-70-10-87 settings]# echo $?
0

I checked the availability of proxy following this answer (i.e. env | grep -i proxy), and nothing came up as response, so I assume I've got no proxy configured

A work around could be to use `-k` flag with curl or `--no-check-certificate` with wget. It's not a solution! — Riz, Jun 09 '22 at 14:46
Have you updated the O/S on your EC2? It looks like your SSL info is old or bad. — stdunbar, Jun 09 '22 at 14:55
First try updating the `openssl` package but I think you CA certificates may be broken in some way. Try following this guide to reset your list of trusted CA certificates - https://access.redhat.com/solutions/1549003 — tino1b2be, Jun 11 '22 at 14:19
hi @Riz, I already tried adding both `-k` and `--no-check-certificate` to the curl & wget, yet both still returning the same error messages mentioned — Galih, Jun 13 '22 at 07:06
@stdunbar how do I ensure if my OS is up to date? I'm sure that OS is monthly patched by the admin, but I just wanna make sure.. — Galih, Jun 13 '22 at 07:09
@Galih - run `sudo yum check-update` to see what needs updated. Run `sudo yum update` to update them. — stdunbar, Jun 13 '22 at 14:11
@Galih, for the moment if you just want to download sonar and don't want to worry about `ssl` issue, just download from `http`. Try (I tested and for me it works) `wget http://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip` . — Riz, Jun 13 '22 at 15:47

TaylorBlackburn-292 · Answer 1 · 2022-06-10T07:27:29.883

1

Have you tried to update the OS and try to use the wget command without the -v flag like this:

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zi

you can also add --no-check-certificate or you can modify the ~/.wgetrc file and add

check_certificate = off

You can do this two things if you trust the host, hope this helps

edited Jun 10 '22 at 07:27

answered Jun 10 '22 at 05:49

TaylorBlackburn-292

74
5

Hi @TaylorBlackburn-292. first of all, how do I know if my OS is up to date? I'm pretty sure that the server got the OS patched monthly by the admin but I just want to make sure.. For removing the -v during wget, no it's still not working with the same error message as mentioned. Adding `--no-check-certificate` also still returned that error message of `Unable to establish SSL connection.` – Galih Jun 13 '22 at 06:41
You can check if your OS is up to date with this commands: `sudo yum check-update` `sudo yum update` for the error that you are still getting check modifying the ~/.wgetrc file and add this line: `check_certificate = off` I hope this helps – TaylorBlackburn-292 Jun 16 '22 at 00:37

Nanthini Muniapan · Answer 2 · 2022-06-13T08:02:28.547

0

May I know if you are using any proxies for this ec2? If yes could you try to execute the wget command with --no-proxy option.

Found a similar issue in here, perhap its good to check for tls version compatibility as mentioned in the answers: Unable to establish SSL connection upon wget on Ubuntu 14.04 LTS

edited Jun 13 '22 at 08:02

answered Jun 13 '22 at 07:53

Nanthini Muniapan

446
6
19

hi @Nanthini, I checked the availability of the proxy following [this answer](https://askubuntu.com/questions/3807/how-to-check-if-network-proxy-is-really-applied#:~:text=%25-,env%20%7C%20grep%20%2Di%20proxy,-http_proxy%3Dhttp%3A//172.17.0.130), and nothing came up afterward, so I assume I've got no proxy used.. and for the tls version compatibility, I will check further for that – Galih Jun 13 '22 at 09:16

Cannot download with Curl and Wget in AWS EC2 Linux server

2 Answers2