Friday 4 October 2013

em::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Ok.

One day you'll see this:

$ bundle install
Fetching gem metadata from https://rubygems.org/.........
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies...

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/gems/rake-10.1.0.gem)
An error occurred while installing rake (10.1.0), and Bundler cannot continue.
Make sure that `gem install rake -v '10.1.0'` succeeds before bundling.

Wait. What?

Worse is when you do a `gem list --remote` you get NOTHING.

WHAT? PHHBBTT! [Brain melts]

The issue is somewhat arcane and is embedded in rvm using openssl.

Let's have a look at the certificates:

$ rvm osx-ssl-certs status all
Certificates for /usr/lib/ssl/cert.pem: Old.
Certificates for /usr/local/etc/openssl/cert.pem: Up to date.
Certificates for /etc/openssl/cert.pem: Old.

Ah. So what worked for me is:

rvm get stable
rvm reload

If you still get 'Old' on the status, do this:

$ rvm osx-ssl-certs update all
Updating certificates for /usr/lib/ssl/cert.pem: Updating certificates in '/usr/lib/ssl/cert.pem'.
...elided...

and now you'll be able to bundle again.

3 comments:

  1. Life saver! Thank you! :D

    ReplyDelete
  2. Thank you! This helped a lot.

    ReplyDelete
  3. Thanks! Most answers I found were saying to add http://rubygems to the gem sources, but that only causes more problems.

    This is a much better solution!

    ReplyDelete