Do not recommend adding --insecure to solve certificate issues #1810
There is a massive amount of scripts, examples and tutorials unconditionally adding the
A possible culprit is the
This is terrible.
The main causes of certificates that don't validate are:
The following diff displays some hints about what the root cause of a certificate error is likely to be, instead of suggesting
Yes, recommending switching off the certificate checks is a rather terrible thing to do. That's also why the option is called
This said, I'm pretty sure this error message is already a wall of text that is way too big. I think that it due to its size mostly scare people away and I doubt very many actually read the whole thing and weigh their options.
Since this already refers to a URL with most of this described in detail (and it makes sense to make that the single home for those instructions and recommendations), I think we should instead strive toward shortening this error message to a few lines.
Perhaps something like this:
The previuous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis in #1810
Here's some rough numbers about turning off certificate verification: