Peer certificate cannot be authenticated with given CA certificates

Skip to first unread message


May 19, 2022, 1:12:41 PM5/19/22

I recently updated the server I use to host Santa Cruz Genome Browser track-hubs to use https as opposed to http.

It seems that the world is a changing, and Chrome was often blocking users not using https.

The old tracks hubs seem to work fine except for SNAKEtracks.  They are taking forever to load and then throwing an error about the certificate

"BUG: CURL error getting file status via HEAD: ... Peer certificate cannot be authenticated with given CA certificates"

Here is an example session ... but it is happening with all my SNAKE tracks.


I am assuming the error is coming from your server trying to access my hal file via https.  But the error suggests a configuration error on my end?

Is there any command line way to illustrate/reproduce the error via remote access so I can have a unix support person try to fix it?

hubCheck throws and error (perhaps it always was??), I am unsure it is related to this certificate problem??

### kent source version 393 ###
0 tracks in GCF_000238955.4
0 tracks in Anc0
0 tracks in CA
0 tracks in DC
Found 4 problems:
Unsupported type 'halSnake' in hub genome Anc0 track snakeGCF_000238955.4
Unsupported type 'halSnake' in hub genome CA track snakeAnc0
Unsupported type 'halSnake' in hub genome DC track snakeAnc0
Unsupported type 'halSnake' in hub genome GCF_000238955.4 track snakeAnc0


Gerardo Perez

May 20, 2022, 4:51:03 PM5/20/22
to Tony, genome-mirror

Hello, Tony.

Thank you for your interest in the Genome Browser and your question regarding your SNAKE tracks error.

One of our engineers pointed out that you are using a version of hubCheck compiled without HAL support. HAL access uses libcurl, not the UCSC browser libraries. Curl is giving no error at the moment:

$ curl -O
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1344M  100 1344M    0     0   110M      0  0:00:12  0:00:12 --:--:--  111M

Our engineer shares that this one seems to think that their server should include more certs to complete the chain:

This server's certificate chain is incomplete. Grade capped to B.

I hope this is helpful. If you have any further questions, please reply to All messages sent to that address are archived on a publicly-accessible Google Groups forum. If your question includes sensitive data, you may send it instead to

Gerardo Perez
UCSC Genomics Institute


You received this message because you are subscribed to the Google Groups "UCSC Genome Browser Mirror-Specific Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages