Hi Jack, thanks for your help! ...and sorry if this is not Guix specific Jack Hill writes: [...] > I think that this is due to the recent AdTrust Root CA cert expiration > [0]. The error wget gives is a little bit better, but you know about the > situation to interpret it correctly: > > """ > $ wget "https://voices.transparency.org" -O /dev/null > --2020-06-04 10:37:29-- https://voices.transparency.org/ > Resolving voices.transparency.org (voices.transparency.org)... > 52.4.225.124, 52.4.240.221, 52.1.119.170, ... > Connecting to voices.transparency.org > (voices.transparency.org)|52.4.225.124|:443... connected. > ERROR: The certificate of ‘voices.transparency.org’ is not trusted. > ERROR: The certificate of ‘voices.transparency.org’ has expired. > """ oh I see, I get this error also... but I do not understand the different behaviour with what I see in Firefox (from Debian) or ungoogled-chromium (from Guix): using one of those browsers the certificate is valid, the certificate viewer shows that the root in cert hierarchy is "USERTrust RSA Certification Authority" The section in [0] titled "Certificate Chain Diagram" states: --8<---------------cut here---------------start------------->8--- A legacy browser or older device that does not have the modern “USERTRust” root would not trust it and so would look further up the chain to a root it does trust, the AddTrust External CA Root. A more modern browser would have the USERTrust root already installed and trust itwithout needing to rely on the older AddTrust root. --8<---------------cut here---------------end--------------->8--- I do not fully understand why curl and wget return error while Firefox and ungoogled-chromium not [...] > Therefore, I think the fix is for voices.transparency.org to update the > certificate chain/bundle that they are sending. > > [0] > https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT this page states: --8<---------------cut here---------------start------------->8--- Will my certificate still be trusted after May 30, 2020? Yes. All modern clients and operating systems have the newer, modern COMODO and USERTrust roots which don’t expire until 2038. --8<---------------cut here---------------end--------------->8--- Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures