Microsoft WinGet package manager failing from expired SSL certificate
Microsoft’s WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN’s SSL/TLS certificate expired.
Released in May 2020, the open source Windows Package Manager (WinGet) allows users to install applications directly from the command line.
Update, Feb 12th 8:40 PM: The issue was resolved hours after publishing. Demitrius Nelon, Microsoft’s Senior Product Manager states a root cause analysis will follow on Monday.
WinGet down after CDN’s SSL expires
Starting late evening hours of Saturday, Windows users began reporting issues when attempting to install or upgrade apps via WinGet.
WinGet user Tiger Wang shared a screenshot on GitHub of their command line throwing an “InternetOpenUrl() failed” error as they tried running simple WinGet commands, such as:
winget upgrade --all --verbose
.
This report was seconded by another user who was also experiencing the issue. The problem appears to be connected to WinGet CDN’s SSL/TLS certificate that has now expired.
When navigating to the CDN URL, https://cdn.winget.microsoft.com in Chrome, BleepingComputer received the following error:
Both the warning and the certificate details confirm that WinGet CDN’s certificate stopped being valid over the weekend:
What is a temporary solution?
Until Microsoft renews the SSL certificate, WinGet users can rest easy knowing there’s an alternate workaround to address the situation.
This involves adding the following source URL to WinGet’s list of sources, as opposed to relying solely on cdn.winget.microsoft.com. That way, WinGet can fetch the packages from this alternate server which has a valid certificate at the time of writing.
“You can add a source like https://winget.azureedge.net/cache using the command below,” GitHub user qilme advised.
sudo winget source add -n winget https://winget.azureedge.net/cache
The winget tool source command enables users to manage sources for Windows Package Manager. With the source command, one can add, list, edit, delete, reset, or export repositories used by WinGet.
Note: When executing the above command, ‘sudo’ is not required if the command is being run in PowerShell by an administrator account. Should you experience errors, try removing the default WinGet source prior to adding the new azureedge link.
The azureedge URL in question is an alias for WinGet’s CDN, albeit with a valid certificate which makes it a viable solution for WinGet devs:
Once Microsoft has renewed the primary CDN’s certificate, users can optionally choose to reset their source URLs by running another command:
“You can always run winget source reset –force (as admin) to get back to defaults,” advises GitHub user Adam Langbert.
Prior to today, WinGet’s last widespread disruption occurred in November 2022 due to the CDN returning a “0-byte database file” when queried.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.