Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl: (60) SSL certificate problem: unable to get local issuer certificate #2208

Closed
scaryguy opened this issue Sep 15, 2013 · 11 comments
Closed

curl: (60) SSL certificate problem: unable to get local issuer certificate #2208

scaryguy opened this issue Sep 15, 2013 · 11 comments
Milestone
before rvm-1.27.0

Comments

@scaryguy
Copy link

Hi there...

Ubuntu 13.04 here.

I'm trying to install RVM using your script but I get this error:

scaryguy@scary:~$ \curl -L https://get.rvm.io | bash -s stable  
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   184  100   184    0     0     11      0  0:00:16  0:00:16 --:--:--   176
  0     0    0     0    0     0      0      0 --:--:--  0:00:26 --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

I googled a lot. I even found your support page about it but whenever I try to use sudo apt-get install ca-certificates , it says that's already installed.

I don't want to use -k options since I heard that this issue can affect connection between rubygems.org too.
@mpapis
Copy link
Member

mpapis commented Sep 15, 2013

start with running:

\curl -L https://get.rvm.io | bash -s head --debug

it will provide more details about the installation process and we can continue fixing from there

@scaryguy
Copy link
Author

Hi, sorry for late response.

I installed RVM but I even don't remember how I did it... I tried hundreds of ways to do it... But now whenever I try to get stable I get this:

scaryguy@ubuntu:~/Sites/pop10haber$ rvm get stable --debug
Running(6): curl --fail --location --max-redirs 10 https://get.rvm.io
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   184  100   184    0     0      7      0  0:00:26  0:00:23  0:00:03   210
100   184  100   184    0     0      4      0  0:00:46  0:00:45  0:00:01     4curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
RVM reloaded!
__rvm_rm_rf already gone: /home/scaryguy/.rvm/tmp/6843*

I opened a question at Stack Over Flow too...
I can't do anything because of this SSL/CA Certificate stuff... Please help :(

@scaryguy
Copy link
Author

Well okay, THANKS GOD I think I've figured it out!

All I have to do is downloading http://curl.haxx.se/ca/cacert.pem to my home directroy and adding this line :

export CURL_CA_BUNDLE="/home/scaryguy/cacert.pem" .

Now I can update RVM!

I'm not able to use my AWS gem to upload pictures yet but... Well.. I guess I'm close!

@mpapis
Copy link
Member

mpapis commented Sep 17, 2013

this kind of things should not happen on standard system kept up to date, are you sure you trieed updating system before running this?

@scaryguy
Copy link
Author

If you mean sudo apt-get update yes I did it. I have Ubuntu 12.04 LTS on VMWare Player.

I have been trying to install Ubuntu as a regular operating system since a week... No way. Always I was gone on a problem... I tried both 12.04 and 13.04 and each time I had a different problem. But This CA Bundle problem always happened.

@mpapis
Copy link
Member

mpapis commented Sep 17, 2013

@rys does it make any sense to you - the ca-certificates is installed and system was up to date with sudo apt-get update - how would it be possible that the certificates are still not available?

@scaryguy are you sure you did no manual non standard steps? (like installing another copy of curl). did you follow any tutorials to set up the system?

@scaryguy
Copy link
Author

All I did was ordinarily installing curl via sudo apt-get install curl and tryin to run your installation script.

Once I read that cURL does not include ca-certificates anymore but no idea about the which timeframe was mentioned.

@mpapis
Copy link
Member

mpapis commented Sep 17, 2013

the curl you install via apt-get should use certificates provided by ca-certificates package, I never had problems with it earlier so I'm puzzled how you were able to trigger that problem.

@ekingery ekingery mentioned this issue Feb 28, 2015
Closed
@salsa-dev
Copy link

To whom it may concern (POSSIBLE SOLUTION):
I'm on new installation of Debian (Jessie) trying to install rvm with curl and hit the error described here. Tried every possible solution found on web but nothing was of any help. It is already late and I check time with "date" to go sleep. Here we are!!!! The date is 13 years behind!!!!!!!! Syncing with ntp resolved an issue. So, dear admin, please check the time on your server!

@petrbela
Copy link

I was getting a similar error with openssl 1.0.2k. After upgrading to 1.0.2n, the problem disappeared.

@pkuczynski pkuczynski added this to the rvm-1.27.0-before milestone May 8, 2019
@BradleyGyemi-Qlik
Copy link

Certificate seems to have expired again:

In Dockerfile:

RUN command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
&& command curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import -
&& curl -sSL https://get.rvm.io | bash -s stable \

returns:

gpg: key 3804BB82D39DC0E3: 47 signatures not checked due to missing keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3804BB82D39DC0E3: public key "Michal Papis (RVM signing) mpapis@gmail.com" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg: key 105BD0E739499BDB: public key "Piotr Kuczynski piotr.kuczynski@gmail.com" imported
gpg: Total number processed: 1
gpg: imported: 1
curl: (60) SSL certificate problem: certificate has expired

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
before rvm-1.27.0
Development

No branches or pull requests
6 participants
@mpapis @salsa-dev @pkuczynski @petrbela @scaryguy @BradleyGyemi-Qlik