fetch: authentication error on FreeBSD


If you download a file over TLS with fetch(1) in FreeBSD base and get the following error…

# fetch https://$URL
fetch: https://$URL: Authentication error

… it means you don’t have a certificate store installed for fetch to validate the site’s certificate against. Here’s the Mozilla one you can use, with the usual caveats and warnings about checking this yourself before installing:

# pkg install -y ca_root_nss

You can also download without verifying the certificate. Which you definitely shouldn’t do unless under extenuating circumstances:

# fetch --no-verify-peer https://$URL

As an aside, fetch is pretty great. I made it a challenge to run more stock FreeBSD last year, and I’ve been using it in lieu of curl (and I suppose wget) I do miss being able to specify ranges in curl, but it’s nothing a shell script to feed fetch a range of addresses to couldn’t fix. It’s also available in pkgsrc thanks to joerg@.

(I even had a third party tool I was using that expected curl, which I aliased to a script that fed the URL to fetch. I can’t say this is good practice at all, but it worked!)

Author bio and support


Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!