Earthdata Forum

I'm not sure if I'm in the right place, hopefully this is Oceancolor!

Just starting today, we're having trouble downloading files from our subscription, using wget. We get an error "Let's Encrypt - Issued Certificate has Expired"

Am I the only one getting that?

Thanks

Jeff

Hi Jeff,

Our systems admins updated certificates this morning. To help us figure out if this caused an issue for you, please send an email to connection_problems@oceancolor.sci.gsfc.nasa.gov with the following information:

1. The date and time you last attempted to access the site

2. The IP network address of your system.
You may also want to verify that we see you as that address by visiting an IP-checking website:
https://www.google.com/#q=what+is+my+ip+address

3. Output from a traceroute command (on Windows use tracert)
Examples:
traceroute oceancolor.gsfc.nasa.gov
or
traceroute oceandata.sci.gsfc.nasa.gov

4. Output from "wget -d https://oceancolor.gsfc.nasa.gov"
or "wget -d oceandata.sci.gsfc.nasa.gov"

Alternatively, you can try "curl -IL --verbose https://oceancolor.gsfc.nasa.gov"

Got the same issue today. Was able to go around it by using --no-check-certificate in the wget command.

Alicia, thanks for the response. The connection started to work yesterday PM, it appears to be working fine now. I don't know what changed, but I'm good with it!

Thanks guys.
Jeff

It's great that you both have been able to retrieve your data!

To follow up on our end: Our system admins confirmed that if/when you receive messages like 'Let's Encrypt' or similar, first make sure that you have applied all available software updates and security patches to your own systems. A reboot may be required. Once your system is patched you should be able to connect to NASA OceanColor.

Learn more: how to fix dst root ca x3 expiration

Hello

I have solved the present certificate issue in downloading by simply adding a --no-check-certificate to my wgets. However, my code of generation of MODIS L2 have a no zero exit at the subroutine get_anc.py and MODIS_geo.py (see later error logs). I guess that it is still related to certificate issues (as starting the 1st October) that prevented direct wget.
Any suggestions/hints would be really appreciated.

Thank you
Fabrizio

Traceback (most recent call last):
File "/omtab/home/fabrizio/ocssw//scripts/modis_GEO.py", line 194, in <module>
sys.exit(main())
File "/omtab/home/fabrizio/ocssw//scripts/modis_GEO.py", line 185, in main
m.atteph()
File "/omtab/home/fabrizio/ocssw/scripts/modules/modis_GEO_utils.py", line 238, in atteph
get.findweb()
File "/omtab/home/fabrizio/ocssw/scripts/modules/anc_utils.py", line 428, in findweb
verbose=self.verbose
File "/omtab/home/fabrizio/ocssw/scripts/modules/ProcUtils.py", line 74, in httpdl
with closing(obpgSession.get(urlStr, stream=True, timeout=timeout)) as req:
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 479, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 467, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 570, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Aqua
Traceback (most recent call last):
File "/omtab/home/fabrizio/ocssw//scripts/getanc.py", line 196, in <module>
sys.exit(main())
File "/omtab/home/fabrizio/ocssw//scripts/getanc.py", line 189, in main
g.findweb()
File "/omtab/home/fabrizio/ocssw/scripts/modules/anc_utils.py", line 428, in findweb
verbose=self.verbose
File "/omtab/home/fabrizio/ocssw/scripts/modules/ProcUtils.py", line 74, in httpdl
with closing(obpgSession.get(urlStr, stream=True, timeout=timeout)) as req:
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 479, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 467, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 570, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
raise SSLError(e)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I am having exactly the same problem trying to download MOD09GA data, with the same error messages as above.

Any solutions would be appreciated.

Hello Fabrizio (and others in the thread),

I would agree that your issue is with the certificate and so the recommendation for you is mentioned above:

To follow up on our end: Our system admins confirmed that if/when you receive messages like 'Let's Encrypt' or similar, first make sure that you have applied all available software updates and security patches to your own systems. A reboot may be required. Once your system is patched you should be able to connect to NASA OceanColor.

Learn more: how to fix dst root ca x3 expiration

I have an issue while downloading the data can anyone suggest on this

ERROR: cannot verify disc2.gesdisc.eosdis.nasa.gov's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3':
Unable to locally verify the issuer's authority.

See solution above ^^