You are not logged in.
- Topics: Active | Unanswered
#1 2017-03-15 23:02:41
- sxlijin
- Member
- Registered: 2016-08-30
- Posts: 8
[SOLVED] curl: (77) error setting certificate verify locations:
I just upgraded my system the other day and ran into the certificate store issue, which I ended up overcoming with
pacman -Syu --forceIn retrospect this may not have been the best decision (and I probably should've gone with the workaround posted to the homepage, which I've also run since), but I've found that I'm running into issues with curl now:
$ curl -vvv https://git-scm.com
* Rebuilt URL to: https://git-scm.com/
* Trying 104.20.38.43...
* TCP_NODELAY set
* Connected to git-scm.com (104.20.38.43) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: certificate is not yet valid
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.I'm not sure if this is an issue with the git-scm.com certificate itself, but I don't see any certificate errors with it in Chrome on Windows, so I'm inclined to think that there's an issue here with the Arch CA records.
Last edited by sxlijin (2017-03-16 05:47:25)
Offline
#2 2017-03-15 23:36:35
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,205
- Website
Re: [SOLVED] curl: (77) error setting certificate verify locations:
--force is not a magical tool that will fix things. Most often it will break them.
Try:
Reinstalling (possibly uninstalling and installing again if a normal reinstall fails) the previous version of ca-certificates-utils.
Follow the official workaround.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#3 2017-03-16 05:29:34
- sxlijin
- Member
- Registered: 2016-08-30
- Posts: 8
Re: [SOLVED] curl: (77) error setting certificate verify locations:
I could've sworn I'd tried reinstalling ca-certificates-utils already, but evidently not, because that just fixed it for me; thanks!
Last edited by sxlijin (2017-03-16 05:30:26)
Offline
#4 2017-03-16 05:37:09
- Docbroke
- Member
- From: India
- Registered: 2015-06-13
- Posts: 1,433
Re: [SOLVED] curl: (77) error setting certificate verify locations:
Please mark this as [solved], by editing your first post.
Arch is home!
https://github.com/Docbroke
Offline