Overpass API developpement

[Roland Olbricht <>]

Hi Igor,

thank you for asking.

> ./download_clone.sh --db-dir=database_dir 
> --source=http://dev.overpass-api.de/api_drolbr/  
> <http://dev.overpass-api.de/api_drolbr/>  --meta=no
>
> But it doesn't seem to get anywhere:
[..]> Connecting to dev.overpass-api.de <http://dev.overpass-api.de>
> (dev.overpass-api.de <http://dev.overpass-api.de>)|95.217.37.171|:443...
> connected.
> ERROR: cannot verify dev.overpass-api.de <http://dev.overpass-api.de>'s
> certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
>    Issued certificate has expired.

This is a little bit intricate. The CA of dev.overpass-api.de, Let's
Encrypt, has issued a new root certificate some time ago. That root
certificate is no longer cross-signed, but self sustained.

If the certificate list that you use is older than a year or so, then it
might simply lack the Let's Encrypt root certificate. This does not
happen with browsers as Let's Encrypt has waited until they were
sufficiently recent. But it may affect other HTTPS clients. Let's
Encrypt had specifically mentioned some Java version, but wget would be
definitely a candidate for the problem.

Plese try whether
wget https://overpass-api.de
is also a problem. Then this is due to the certificate store used by wget.

You can get over that problem by changing in download_clone.sh the line
with "wget" to

  wget --no-check-certificate -c -O "$2" "$1"

I'm sorry for the inconvenience,

Roland