Certificate issue for downloading youtube-dl from secure server

[seamusdemora]

Checklist

• I'm asking a question
• I've looked through the README and FAQ for similar questions
• I've searched the bugtracker for similar questions including closed ones

Question

Question
REFERENCES: #25521, #25491, #25532

These issues (REFERENCES) are now marked "CLOSED", but the solution (if there is one) is not clear. Specifically, is this a yt-dl issue, or is this an issue with my OS (macOS Catalina)?

I have used yt-dl for a while now. It's been great, but recently I'm having a problem: While troubleshooting an issue I attempted to do a fresh installation. The result:

% sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

And so I have read "the webpage mentioned above", but there is nothing I can find there that is of any use. I do not understand how to fix this. It is not clear whether the problem is with the certificate at yt-dl.org, or if it is with my system somehow. I've searched for macOS issues related to this, but I've found nothing of any relevance. I've checked my cert stores in Keychain, but the only expired certs are for *.branch.io - its expiration was in 2018, and I've used yt-dl frequently since that expiry date.

I have the same issue on my older Mojave-equipped Macbook, but with a different error message:

$ sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
Password:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

This issue has now been closed 3 times, but if there is an answer, I have not been able to find it. I am asking (again) that you do not close this issue until it is determined, and stated plainly that the issue is NOT with the certificate at yt-dl.org.

Cheers!

[dstftw]

I've already pointed out: yt-dl.org certificate is fine and not expired.

[seamusdemora]

Unfortunately, that does not help me. Reading the link in your answer, I find this:

What You Need to Do
For most use cases, including certificates serving modern client or server systems, no action is required, whether or not you have issued certificates cross-chained to the AddTrust root.

In summary then: You say your cert is fine, but your CA says I need do nothing. This is a useless answer.