github: server certificate verification failed
2016: Make sure first that you have certificates installed on your Debian in /etc/ssl/certs
.
If not, reinstall them:
sudo apt-get install --reinstall ca-certificates
Since that package does not include root certificates, add:
sudo mkdir /usr/local/share/ca-certificates/cacert.org
sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
sudo update-ca-certificates
Make sure your git does reference those CA:
git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
Jason C mentions another potential cause (in the comments):
It was the clock. The NTP server was down, the system clock wasn't set properly, I didn't notice or think to check initially, and the incorrect time was causing verification to fail.
Certificates are time sensitive.
2022: Auspex adds in the comments:
ca-certificates does indeed contain root certificates.
It doesn't contain the CAcert root certificates.This might have been a good answer 6 1/2 years ago, but those certificates were suspect way back then and haven't improved.
There's a reason they're not in theca-certificates
package.These days we have LetsEncrypt, so everyone has certificates with reliable auditing and nobody needs to rely on CAcert.
Cant clone repo. Server certificate verification failed
git clone https://git.lighttpd.net/mirrors/libev.git
works for me (without GIT_SSL_NO_VERIFY=1
) on Fedora 34. Perhaps you need to upgrade your git package, or the cacerts package on Ubuntu 20.04?
As an aside, lighttpd supports numerous native OS event frameworks, so using lighttpd with libev is unnecessary (and often slightly slower) than allowing lighttpd to directly use the native OS event framework.
Edit: lighttpd.net admin noticed that OCSP status for site certificate had expired and a script was not updating it. This has been corrected server-side.
Git Clone Fails: Server Certificate Verification Failed
Ok, I found the solution...
I guess a script (I hadn't looked at) ran on my computer which ran the line
git config --global http.sslVerify true
So the solution was simply to change run
git config --global http.sslVerify false
Heh...
fatal: unable to access 'https://xxxx.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Probably you don't have a trusted TLS1 certificate in the server where you're hosting your GitLab instance.
Personally I would recommend you that you use trusted certificates, since the ones from Let's Encrypt are totally free, but in any case you can disable TLS1 verification for a single command:
git -c http.sslVerify=false push origin -u
Or (don't do that and use trusted cerficates) disable it at all for all the repositories:
git config --global http.sslVerify false
*1: TLS is new (not so new) replacement for SSL.
Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.
- Wikipedia, Transport Layer Security link
Related Topics
How to Keep Directory Structure with Aria2
Bash Script Does Not Continue to Read The Next Line of File
How to Redirect Ip Address Using Iptables
Nm Reports Symbol Is Defined But Ldd Reports Symbol Is Undefined
Crontab - Simple Echo Not Running
Differences Between Arm "Versions" (Armv7 Only)
How to Get Command History by Cursor Key in Linux Tclsh
Bash: Loop Until Command Exit Status Equals 0
Undefined Reference to Symbol 'Pthread_Key_Delete@@Glibc_2.2.5
Is There an Equivalent to Dbus on Osx
How to Accept Multiple Tcp Connections in Perl
Graphing The Dag Generated by Make
Starting Ddd with Remote Gdbserver
How to Simulate Two Consecutive Enter Key Presses for a Command in a Bash Script