[SOLVED] wget ERROR: The certificate of ‘xyz’ is not trusted, has expired

wget ERROR: The certificate of ‘xyz’ is not trusted, has expired

I have a Debian 10 buster server, one of several identical hardware/software configs. I use a script that deploys them, they are all identical. However, one of them is throwing an error when using wget:

# wget https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-5.6.15.tar.xz
--2020-05-30 12:49:20--  https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-5.6.15.tar.xz
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 147.75.69.165, 2604:1380:1000:8100::1
Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|147.75.69.165|:443... connected.
ERROR: The certificate of ‘mirrors.edge.kernel.org’ is not trusted.
ERROR: The certificate of ‘mirrors.edge.kernel.org’ has expired.

Things I've done:

Checked that the SSL certificate is valid
Confirmed the exact same command works on other servers
Checked the system date, confirmed correct
Checked resolv.conf, configuring for 8.8.8.8 8.8.4.4 identical to others
Checked name resolution manually, working fine
Reinstall apt-get install --reinstall ca-certificates
Ran update-ca-certificates --fresh
Ran c_rehash
Used curl, it works fine without errors, shows correct SSL expiration

The problem seems to only be wget from what I can tell. I don't need a workaround. I need a solution so I have confidence this server is operating as it should.

Solution

I was able to solve my own problem using --no-dns-cache

# wget --no-dns-cache --debug https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-5.6.15.tar.xz

After this, it apparently updated whatever file was broken. It now works without the --no-dns-cache as well. So strange, but it seems stable.