Microsoft’s WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN’s SSL/TLS certificate expired.
, the open source Windows Package Manager (WinGet) allows users to install applications directly from the command line.
WinGet down after CDN’s SSL expires
Starting late evening hours of Saturday, Windows users began reporting issues when attempting to install or upgrade apps via WinGet.
WinGet user Tiger Wang on GitHub of their command line throwing an “InternetOpenUrl() failed” error as they tried running simple WinGet commands, such as:
winget upgrade --all --verbose.
This report was seconded by who was also experiencing the issue. The problem appears to be connected to WinGet CDN’s SSL/TLS certificate that has now expired.
When navigating to the CDN URL, https://cdn.winget.microsoft.com in Chrome, BleepingComputer received the following error:
Both the warning and the certificate details confirm that WinGet CDN’s certificate stopped being valid over the weekend:
What is a temporary solution?
Until Microsoft renews the SSL certificate, WinGet users can rest easy knowing there’s an alternate workaround to address the situation.
This involves adding the following source URL to WinGet’s list of sources, as opposed to relying solely on cdn.winget.microsoft.com. That way, WinGet can fetch the packages from this alternate server which has a valid certificate at the time of writing.
“You can add a source like https://winget.azureedge.net/cache using the command below,” GitHub user qilme .
sudo winget source add -n winget https://winget.azureedge.net/cache
The enables users to manage sources for Windows Package Manager. With the source command, one can add, list, edit, delete, reset, or export repositories used by WinGet.
Note: When executing the above command, ‘sudo’ is not required if the command is being run in PowerShell by an administrator account. Should you experience errors, try prior to adding the new azureedge link.
The azureedge URL in question is an alias for WinGet’s CDN, albeit with a valid certificate which makes it a viable solution for WinGet devs:
Once Microsoft has renewed the primary CDN’s certificate, users can optionally choose to reset their source URLs by running another command:
“You can always run winget source reset –force (as admin) to get back to defaults,” GitHub user Adam Langbert.
Prior to today, WinGet’s last widespread disruption due to the CDN returning a “0-byte database file” when queried.