Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
certificate and other errors when cloning over https and ssh #1212
hi, i am trying to clone a repo via https, and get the following error:
fatal: unable to access 'https://mydomain:8080/user/repo.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
i am using a certificate signed by startcom, not self-signed. i can access everything fine via the browser, but not with git on the command-line. i wonder if it is asking for the ca.pem file which startcom provided, but there is no directive in app.ini to specify it? i'm not sure if this is a problem with gogs, apache or git.
Also, I cannot clone via ssh using the details supplied in gogs, i am asked for the password for user "gogs":
when i enter the password (why is authentication needed, i was expecting github-style unauthenticated ssh read access?), i get:
in app.ini, the relevant settings are:
Thanks your feedback!
For your first problem, Gogs uses standard way to start a HTTPS with TLS, if something can't go right with it, it may a issue with Go itself, or your CA isn't really right somehow as @okket showed.
For the second problem, I think your SSH auth key file in your server has been manually added your SSH key before you add it to Gogs. Gogs needs to completely occupy this file, so use another user to run Gogs should be the solution.
Regarding the clone issue, we just had the same symptoms and I think I can give some more insight here.
Basically, the generated authorized_keys file of the gogs-user gets generated wrong. Instead of just putting the key into the file, some command line parameters are also witten just before the key in question.
Here's what the authorized_keys file looks like on our machine after adding a key via the web interface:
When I remove the extra garbage before the actual key manually, everything works fine.
Hope that helps
Hello I had the same error and y discover the warnings with https://www.sslshopper.com/ssl-checker.html
jorge@ulises:~/workspace> git clone https://mydomain.io:3000/desarrollo/myrepo Cloning into 'myrepo'... fatal: unable to access 'https://mydomain.io:3000/desarrollo/myrepo/': SSL certificate problem: unable to get local issuer certificate
Errors given with
jorge@ulises:~/workspace> curl https://mydomain.io:3000 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
For Let's Encrypt SSL cert (http://letsencrypt.org/) solution, I use in config file:
I fixed the exact same error by discovering it was a file permission error using
I noticed the 'Permission denied' and prompt fixed the file permission settings to /etc/ssl/certs.
Happy as a clam now.