Lynx doesn't recognize Let's encrypt certs

I ran this command: lynx

It produced this output: SSL error:self signed certificate-Continue? (y)

That self-signed cert is created when Webmin/Virtualmin is installed.

If I run: lynx -dump

Looking up
Making HTTPS connection to
Retrying connection without TLS.
Looking up
Making HTTPS connection to
Alert!: Unable to make secure connection to remote host.
lynx: Can't access startfile

/etc/lynx.cfg contains:

Reading other forum posts I added:
I have to say that SSL_CERT_FILE is not a variable in default lynx.cfg file

Still the same problem. It happens only with SSL. Other domains with no certs work okay.

Lynx Version 2.8.6rel.5 (09 May 2007)
libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 1.0.0-fips, ncurses 5.7.20090207(wide)
Built on linux-gnu Aug 25 2010 15:17:35

My web server is Apache 2.2.14

The operating system my web server runs on is Centos 6.10

I can login to a root shell on my machine

I'm using a control panel to manage my site: Webmin/Virtualmin

Lynx 2.8.6rel.5 doesn’t support SNI. So it can’t tell the server how to select the correct certificate before sending the HTTP request containing the hostname.

You could try making the default VirtualHost for the server, although I don’t know how to do that with Webmin/Virtualmin.

1 Like

I suspected that SNI isn’t supported.
You mean change the default virtual server in httpd.conf ?

Yeah, essentially change the order of virtual hosts so that the one with the cert you want to use is the first.

You may have to combine multiple domains in a single cert if you want them all to work with pre-SNI clients.

Hi @marciano

it's curious. Loading a Windows-Lynx, checked two of my own sites (same server).

Both with Letsencrypt certificate, one with SNI, the other without SNI (the standard binding).

Both sites worked correct.

But checking your site:

Looking up
Making HTTPS connection to
Retrying connection without TLS.
Looking up
Making HTTPS connection to
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile

So if you use a Lynx with SNI-support, there is an error.

You have some blocked urls / mixed content.

But I don't know if this is the problem.

PS: You have a redirect.

D:\temp>download -h
SSL-Zertifikat is valide
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Length: 0
Cache-Control: max-age=86400, private
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 22 Oct 2018 22:32:02 GMT
Expires: Mon, 22 Oct 2018 22:32:02 GMT
Location: index_banco_es.php
Server: Apache
X-Powered-By: PHP/5.3.3

Status: 301 MovedPermanently

580,60 milliseconds
0,58 seconds

But a redirect without a domain name. Change your redirect location to

Hmm, that’s odd - I tried lynx 2.8.9dev.16 on Ubuntu and seemed to work fine… it did complain about the relative Location, but loaded anyway.

There may be some other incompatibilities with older lynx versions, I guess, protocol versions or cipher suites or something like that?

1 Like

Yep, it's a problem of this Windows-Lynx.

Tested with one of my own domains - Windows-Lynx supports only Tls.1.0.

Checked via Ssllabs -> Tls.1.0 is inactive.

1 Like

Yes, Only TLS 1.1 and 1.2 are enabled

I installed lynx in my desktop Ubuntu 18.04
Lynx Version 2.8.9dev.16 (11 Jul 2017)
libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 3.5.17, ncurses 6.1.20180127(wide
And I also have no problem with that domain

I changed relative Location to absolute but nothing changed.
I also tried lynx lynx
They have their own cert.
lynx (does not use SSL) works okay
I also tried with elinks.
Despite I get a green padlock in Firefox shows what you have stated.
Fixed but doesn’t fix the issue.
elinks -> Unable to retrieve https… SSL error

At lynx.cfg I also changed from
which is the redirected file

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.