SSL server certificate verify failed
2,492 views
Skip to first unread message
Caleb Sweeney
Oct 6, 2016, 1:04:24 AM10/6/16
to rubygems.org
Was setting up rails on my system and now any gem command with the source to rubygems.org with https will not allow a connection. This was verified working on my other system recently. Is this effecting other users?
Wencheng Chen
Oct 6, 2016, 1:55:20 AM10/6/16
to rubygems.org
It doesn't work on my system either since yesterday. any solution?
Philippe Lafoucrière
Oct 6, 2016, 7:23:49 AM10/6/16
to rubyge...@googlegroups.com
works fine for me:
$ docker run -it --rm ruby:2.1 gem install rails
$ curl -I https://api.rubygems.org/specs.4.8.gz
HTTP/1.1 200 OK
x-amz-id-2: 8o/zPdNrJfNMpuXRFnBdZ9j9XNjIuHmRfXs6QSXQzUAIRIF0tzV0vFxDM9K79nq/4EUeZvE50Uo=
x-amz-request-id: 03C3E409231E664B
x-amz-replication-status: PENDING
Last-Modified: Thu, 06 Oct 2016 11:18:04 GMT
ETag: "ff3fd06717ad77ff7937370a11d83f13"
Cache-Control: max-age=31536000
x-amz-meta-surrogate-key: full-index
x-amz-version-id: .zlY0JJinFEBkTdoFBS.BoA3ygUwbIJT
Server: AmazonS3
X-Backend: F_S3 54.231.176.221:443
Fastly-Restarts: 1
Content-Length: 2996066
Accept-Ranges: bytes
Date: Thu, 06 Oct 2016 11:20:12 GMT
Via: 1.1 varnish
Age: 125
Connection: keep-alive
X-Served-By: cache-jfk8136-JFK
X-Cache: HIT
X-Cache-Hits: 9
X-Timer: S1475752812.155713,VS0,VE0
Vary: Fastly-SSL
Content-Type: application/octet-stream
Fetching: i18n-0.7.0.gem (100%)
Successfully installed i18n-0.7.0
Fetching: thread_safe-0.3.5.gem (100%)
Successfully installed thread_safe-0.3.5
Fetching: tzinfo-1.2.2.gem (100%)
Successfully installed tzinfo-1.2.2
Fetching: minitest-5.9.1.gem (100%)
Successfully installed minitest-5.9.1
Fetching: concurrent-ruby-1.0.2.gem (100%)
Successfully installed concurrent-ruby-1.0.2
Fetching: activesupport-5.0.0.1.gem (100%)
ERROR: Error installing rails:
activesupport requires Ruby version >= 2.2.2.
(last error is unrelated)
sebastian....@gmail.com
Oct 6, 2016, 3:22:27 PM10/6/16
to rubygems.org
I am among those who face this problem:
λ gem install bundler
ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
λ curl -I https://api.rubygems.org/specs.4.8.gz
HTTP/1.1 200 OK
x-amz-id-2: BxeCyusAHXLh6WWSKKRsKM2GE7eC2+G1OArjhfElQCB+47U97tiHuwTJRXBzLOC3ne3AF7kgulo=
x-amz-request-id: B13CFDB8A642ACC9
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 06 Oct 2016 19:15:46 GMT
ETag: "e4ebb6ee55a8287bb5c98cc28ee0610d"
Cache-Control: max-age=31536000
x-amz-meta-surrogate-key: full-index
x-amz-version-id: peTjSbChvK.DV6ABXS2K5F8zvFVEsVch
Server: AmazonS3
X-Backend: F_S3 54.231.185.33:443
Fastly-Restarts: 1
Content-Length: 2996424
Accept-Ranges: bytes
Date: Thu, 06 Oct 2016 19:17:13 GMT
Via: 1.1 varnish
Age: 39
Connection: keep-alive
X-Served-By: cache-fra1224-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1475781433.258607,VS0,VE3
Vary: Fastly-SSL
Content-Type: application/octet-stream
λ gem install bundler
ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
λ curl -I https://api.rubygems.org/specs.4.8.gz
HTTP/1.1 200 OK
x-amz-id-2: BxeCyusAHXLh6WWSKKRsKM2GE7eC2+G1OArjhfElQCB+47U97tiHuwTJRXBzLOC3ne3AF7kgulo=
x-amz-request-id: B13CFDB8A642ACC9
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 06 Oct 2016 19:15:46 GMT
ETag: "e4ebb6ee55a8287bb5c98cc28ee0610d"
Cache-Control: max-age=31536000
x-amz-meta-surrogate-key: full-index
x-amz-version-id: peTjSbChvK.DV6ABXS2K5F8zvFVEsVch
Server: AmazonS3
X-Backend: F_S3 54.231.185.33:443
Fastly-Restarts: 1
Content-Length: 2996424
Accept-Ranges: bytes
Date: Thu, 06 Oct 2016 19:17:13 GMT
Via: 1.1 varnish
Age: 39
Connection: keep-alive
X-Served-By: cache-fra1224-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1475781433.258607,VS0,VE3
Vary: Fastly-SSL
Content-Type: application/octet-stream
David Radcliffe
Oct 6, 2016, 3:50:04 PM10/6/16
to rubyge...@googlegroups.com
Hi friends,
The reason you're having trouble is that we did switch to a new SSL cert this week. We've been preparing for this for months and if you have a recent version of rubygems and/or bundler installed, you should have no problems. However, if you're using an older version AND your system has outdated system certs (very common on Windows) you might get this error.
Here's a good guide on the problem and solutions: http://guides.rubygems.org/ssl-certificate-update/
The version numbers and links are a bit old; this was from the last time we switched ssl certs. The general solution still works.
Alternatively on non-Windows machines you can probably update ca-certificates.
If you have the latest versions of both installed and you're still having trouble, feel free to open a help ticket at http://help.rubygems.org/discussion/new
Latest rubygems: 2.6.7
Latest bundler: 1.13.2
(as of today)
---
David Radcliffe
David Radcliffe
--
You received this message because you are subscribed to the Google Groups "rubygems.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubygems-org+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Marek Mierzwa
Oct 11, 2016, 9:34:48 AM10/11/16
to rubygems.org
Hi David,
I followed the instructions described in guide you linked but I'm still getting this error:
$ gem --version
2.0.14.1
PLMAMIE1@PL-L-R9016GCT C:\Users\plmamie1
$ gem install --local D:\temp\rubygems-update-2.0.15.gem
Successfully installed rubygems-update-2.0.15
Parsing documentation for rubygems-update-2.0.15
Installing ri documentation for rubygems-update-2.0.15
1 gem installed
$ update_rubygems --no-ri --no-rdoc
RubyGems 2.0.15 installed
------------------------------------------------------------------------------
RubyGems installed the following executables:
C:/Ruby200-x64/bin/gem
$ gem install wraith
ERROR: Could not find a valid gem 'wraith' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz)
I could not download the SSL certificate for the manual fixed because I'm getting 404 on the link in the article.
Any clue?
Cheers
Marek
---
David Radcliffe
To unsubscribe from this group and stop receiving emails from it, send an email to rubygems-org...@googlegroups.com.
David Radcliffe
Oct 11, 2016, 9:40:28 AM10/11/16
to rubyge...@googlegroups.com
You'll need rubygems 2.6.7 or later. We've fixed the broken link in the guide.
---
David Radcliffe
David Radcliffe
To unsubscribe from this group and stop receiving emails from it, send an email to rubygems-org+unsubscribe@googlegroups.com.
Paul Newell
Oct 12, 2016, 4:18:50 PM10/12/16
to rubygems.org
I also had this problem on a Mac (10.10.5) I followed all the suggested instructions. I also ran into the missing file and put the problem aside. I tried again today, reinstalled gem 2.6.7 and got the fixed link.
But I am still having the problem. I tried placing the new file (GlobalSignRootCA.pem) in all the ssl_certs directories under my .rvm but it had no effect. Further research (OpenSSL::X509::DEFAULT_CERT_(FILE|DIR)) led me to /etc/openssl/cacerts.pem so I tried appending the .pem file to that. That didn't work. I also tried creating the directory /etc/openssl/certs and copying the file there but I am still getting the same error.
But I am still having the problem. I tried placing the new file (GlobalSignRootCA.pem) in all the ssl_certs directories under my .rvm but it had no effect. Further research (OpenSSL::X509::DEFAULT_CERT_(FILE|DIR)) led me to /etc/openssl/cacerts.pem so I tried appending the .pem file to that. That didn't work. I also tried creating the directory /etc/openssl/certs and copying the file there but I am still getting the same error.
Krzysztof Gulcz
Oct 14, 2016, 9:47:54 AM10/14/16
to rubygems.org
I have the same problem and updating rubygems and bundler didn't help.
Now, I noticed that although rubygems ships with its own certificates (in ssl_certs) it also loads my default system certificates by calling
store.set_default_paths when configuring connection for https. This loads my cert.pem from /etc/openssl. And there must be something wrong with it, because when I delete this cert.pem the problem disappears!
But what can be wrong? It's not expired, because I just recreated it with
rvm osx-ssl-certs update all and its expiration year is 2030. Any thoughts?
Message has been deleted
Rory Koehler
Oct 20, 2016, 1:33:09 PM10/20/16
to rubygems.org
Hi David,
Thanks for the infos. They helped a lot,. I'd like to recommend to update Step 4 in the link you posted with "Restart your terminal shell".
Thanks for the infos. They helped a lot,. I'd like to recommend to update Step 4 in the link you posted with "Restart your terminal shell".
Rory
---
David Radcliffe
To unsubscribe from this group and stop receiving emails from it, send an email to rubygems-org...@googlegroups.com.
Brent Allen
Jan 8, 2017, 8:58:41 AM1/8/17
to rubygems.org
Yes! I had this problem a few months back. These links should help you understand why this is happening and the fix:
Reply all
Reply to author
Forward
0 new messages