You are not logged in.
Hey all,
After updating ca-certificates-mozilla to 311 yesterday, I started getting `SSL certificate problem: unable to get local issuer certificate` for certain requests.
e.g.
$ curl -v https://random.myshopify.com
* Host random.myshopify.com:443 was resolved.
* IPv6: 2620:127:f00f:e::
* IPv4: 23.227.38.74
* Trying [2620:127:f00f:e::]:443...
* Immediate connect fail for 2620:127:f00f:e::: Network is unreachable
* Trying 23.227.38.74:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* closing connection #0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.It seems to be an issue caused by Cloudflare and they're "working on it".
this python-certifi bug around it shows people pinning downgraded versions to keep things working in the mean time.
For me, downgrading ca-certificates-mozilla to 310 fixed it for now.
sudo pacman -U /var/cache/pacman/pkg/ca-certificates-mozilla-3.110-1-x86_64.pkg.tar.zstI didn't find any archlinux specific post about it so thought i'd make one in case others are struggling with this as well.
Offline
Can confirm, this was also the cause for this issue https://bbs.archlinux.org/viewtopic.php?pid=2241489
Offline