On Tue, 26 Mar 2019 21:07:54 +0100,
Roby , in
 wrote:
>  I R A Darth Aggie wrote:

>  HTTP request sent, awaiting response... 404 Not Found
>  2017-06-24 01:48:41 ERROR 404: Not Found.

Expected.

>  With https the result is this:
>   wget
> 
\https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
>  converted
> 
'https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
'
>  (ANSI_X3.4-1968) ->
> 
'https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
'
>  (UTF-8)
>  --2017-06-24 01:44:18--
> 
https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
>  Resolving archive.raspberrypi.org (archive.raspberrypi.org)...
>  46.235.227.11, 93.93.128.230, 93.93.128.133, ...
>  Connecting to archive.raspberrypi.org
>  (archive.raspberrypi.org)|46.235.227.11|:443... connected.
>  ERROR: The certificate of 'archive.raspberrypi.org' is not trusted.
>  ERROR: The certificate of 'archive.raspberrypi.org' is not yet
>  activated.
>  The certificate has not yet been activated
>
>  What do you think about it ?

I saw a reference to clock issues with certs, so what does date show?

date
Wed Mar 27 11:50:31 EDT 2019

Is your clock right? if not, correct it and try again. If it is
correct, read on.

I think that means the site answering your wget request is using a
certificate that wget can't verify against the public key. I find that
to be suspicious. Do you have the package ca-certificates installed?

dpkg -l | grep ca-certificates

what happens when you do the "wget https://..." from the pi that works
correctly?

This is what I get:

$ wget
https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
--2019-03-27 11:19:09-- 
https://archive.raspberrypi.org/debian/dists/jessie/main/binary-armhf/Packages
Resolving archive.raspberrypi.org (archive.raspberrypi.org)... 93.93.130.39,
46.235.227.11, 93.93.128.133, ...
Connecting to archive.raspberrypi.org
(archive.raspberrypi.org)|93.93.130.39|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 708766 (692K)
Saving to: ‘Packages’

Try this from the wonky pi:

openssl s_client -showcerts -connect archive.raspberrypi.org:443

It'll spew stuff much of which looks like gibberish, but, you'll see a
section like this near the end:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL
Wildcard/CN=*.raspberrypi.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA
Domain Validation Secure Server CA

That's what I got, but run the openssl command from your good pi and
see if they match. If they don't, you may have a clue as to whom the
certificate belongs.

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

--- SoupGate-Win32 v1.05