Microsoft WinGet package manager failing from expired SSL certificate


Microsoft’s WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN’s SSL/TLS certificate expired.

Released in May 2020, the open source Windows Package Manager (WinGet) allows users to install applications directly from the command line.

WinGet down after CDN’s SSL expires

Starting late evening hours of Saturday, Windows users began reporting issues when attempting to install or upgrade apps via WinGet.

WinGet user Tiger Wang shared a screenshot on GitHub of their command line throwing an “InternetOpenUrl() failed” error as they tried running simple WinGet commands, such as:

winget upgrade --all --verbose.

Users report errors while using WinGet
Users report errors while using WinGet (GitHub)

This report was seconded by another user who was also experiencing the issue. The problem appears to be connected to WinGet CDN’s SSL/TLS certificate that has now expired.

When navigating to the CDN URL, https://cdn.winget.microsoft.com in Chrome, BleepingComputer received the following error:

WinGet CDN SSL expiration
WinGet CDN’s SSL/TLS certificate expiration warning (BleepingComputer)

Both the warning and the certificate details confirm that WinGet CDN’s certificate stopped being valid over the weekend:

SSL expiry date
Certificate’s expiry date shown in GMT+05:30 (BleepingComputer)

What is a temporary solution?

Until Microsoft renews the SSL certificate, WinGet users can rest easy knowing there’s an alternate workaround to address the situation.

This involves adding the following source URL to WinGet’s list of sources, as opposed to relying solely on cdn.winget.microsoft.com. That way, WinGet can fetch the packages from this alternate server which has a valid certificate at the time of writing.

https://winget.azureedge.net/cache

“You can add a source like https://winget.azureedge.net/cache using the command below,” GitHub user qilme advised.

sudo winget source add -n winget https://winget.azureedge.net/cache

The winget tool source command enables users to manage sources for Windows Package Manager. With the source command, one can add, list, edit, delete, reset, or export repositories used by WinGet.

Note: When executing the above command, ‘sudo’ is not required if the command is being run in PowerShell by an administrator account. Should you experience errors, try removing the default WinGet source prior to adding the new azureedge link.

The azureedge URL in question is an alias for WinGet’s CDN, albeit with a valid certificate which makes it a viable solution for WinGet devs:

nslookup DNS query for WinGet CDN
‘nslookup’ results for WinGet CDN’s hostname (BleepingComputer)

Once Microsoft has renewed the primary CDN’s certificate, users can optionally choose to reset their source URLs by running another command:

“You can always run winget source reset –force (as admin) to get back to defaults,” advises GitHub user Adam Langbert.

Prior to today, WinGet’s last widespread disruption occurred in November 2022 due to the CDN returning a “0-byte database file” when queried.



Source link