SSL Certificate Issues w/suricata-update source list?

I’ve stood up a fresh instance of suricata-update today, and in the process of doing a “suricata-update update-sources” to get rolling, I’m seeing a surprising SSL certificate error:

7/12/2020 -- 15:17:42 - < **Error** > -- **Failed to download index: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>**

If I attempt to wget the URL in question on an unrelated box, I see certificate problems there in further detail:

--2020-12-07 23:39:09--

Resolving (, 2600:1f16:db2:4f00:da9d:37d6:e8b9:9802

Connecting to (||:443... connected.

ERROR: The certificate of ‘’ is not trusted.

ERROR: The certificate of ‘’ doesn't have a known issuer.

…but loading the page in Chrome shows me that the certificate is trusted/valid.

Is this some sort of issue where my local certificate validation process is doing something dumb? Or has there been some recent change at the OISF that somehow got goofed and is causing others issues? I would assume it’s on my end by the lack of other threads on the issue, but you never know…

Hi Alex, this is an issue on our side. We’re looking into it.

1 Like

@akirk can you retry?

Fixed over here, that was quick. :slight_smile:

Great, thanks for confirming :slight_smile: