How do I fix certificate errors when running wget on an HTTPS URL on Windows?

Question

I'm trying to use Wget for Windows to download a document from a specific URL.

When I do this, for many (but not all) websites, I get a certificate error. For example:

C:\temp> wget https://stackoverflow.com/

Produces:

--2017-07-07 15:54:40--  https://stackoverflow.com/
Resolving stackoverflow.com (stackoverflow.com)... 151.101.193.69, 151.101.129.69, 151.101.1.69, ...
Connecting to stackoverflow.com (stackoverflow.com)|151.101.193.69|:443... connected.
ERROR: cannot verify stackoverflow.com's certificate, issued by 'CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
  Unable to locally verify the issuer's authority.
To connect to stackoverflow.com insecurely, use `--no-check-certificate'.

As the error message suggests, I can work around the problem by including the --no-check-certificate parameter with my command. However, I'd like to avoid that because it is (1) insecure, and (2) a hassle.

As you might expect, I can connect to https://stackoverflow.com/ (and other affected URLs) with no problems using any of the web browsers I have on this PC (Firefox, Chrome, Edge, IE, Vivaldi).

I'm not running Cygwin (so answers to this similar question don't apply).

Is there a way I can configure Wget for Windows to use the same set of root certificates that my OS and/or browsers use, such that it doesn't produce the "Unable to locally verify the issuer's authority" error?

Answer 1

The version of Wget for Windows (wget.exe) that I had been using was from http://gnuwin32.sourceforge.net/packages/wget.htm, with version number 1.11.4 and dated 2008-12-31.

I just replaced that with a newer version from https://eternallybored.org/misc/wget/, with version number 1.19.1, and which mentions "Windows certificate store support."

Using that newer version, I no longer get the Unable to locally verify the issuer's authority error, and downloads appear to work securely and fine.