Reputation: 6263
Linux Git: Unable to access remote: error setting certificate verify locations
So I'm running OpenSUSE Leap 42.1, and Git 2.6.6. Up until today, I've had no problems pushing/pulling/fetching from a remote GitHub repo.
Now, today, I'm having this error message:
fatal: unable to access 'https://github.com/myName/myProject.git/': error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
Anytime I do a push/pull/fetch, I get this. My first thought was to check that filepath that's provided, and no file named ca-certificates.crt exists in /etc/ssl/certs.
So... I'm not entirely sure what to do. Not sure why this suddenly stopped working either, maybe an OS or git update broke it? Either way, looking to be pointed in the right direction.
Thanks.
Upvotes: 6
Views: 10308
Answers (3)
Reputation: 1324218
Regardless where it maybe or the OS you are using once you get that bundle certification file, you then need to tell git to configure using that cert. You can modify the git.config file several why but one straight way is:
git config --system http.sslcainfo /bin/curl-ca-bundle.crt
With Git 2.34 (Q4 2021), that would be:
git config --system http.sslcainfo %(prefix)/bin/curl-ca-bundle.crt
The pathname expansion (like "~username/") learned a way to specify a location relative to Git installation (e.g. its $sharedir which is $(prefix)/share), with "%(prefix)".
See commit 7ed37eb (26 Jul 2021) by Junio C Hamano (gitster).
See commit e394a16, commit a03b097, commit 644e6b2, commit 789f6f2, commit b7d11a0 (24 Jul 2021) by Johannes Schindelin (dscho).
(Merged by Junio C Hamano -- gitster -- in commit aab0eea, 24 Aug 2021)
interpolate_path(): allow specifying paths relative to the runtime prefixSigned-off-by: Johannes Schindelin
Ever since Git learned to detect its install location at runtime, there was the slightly awkward problem that it was impossible to specify paths relative to said location.
For example, if a version of Git was shipped with custom SSL certificates to use, there was no portable way to specify
http.sslCAInfo.In Git for Windows, the problem was "solved" for years by interpreting paths starting with a slash as relative to the runtime prefix.
However, this is not correct: such paths are legal on Windows, and they are interpreted as absolute paths in the same drive as the current directory.
After a lengthy discussion, and an even lengthier time to mull over the problem and its best solution, and then more discussions, we eventually decided to introduce support for the magic sequence
%(prefix)/.If a path starts with this, the remainder is interpreted as relative to the detected (runtime) prefix.
If built without runtime prefix support, Git will simply interpolate the compiled-in prefix.If a user wants to specify a path starting with the magic sequence, they can prefix the magic sequence with
./and voilà, the path won't be expanded.
config now includes in its man page:
If a path starts with
%(prefix)/, the remainder is interpreted as a path relative to Git's "runtime prefix", i.e. relative to the location where Git itself was installed.For example,
%(prefix)/bin/refers to the directory in which the Git executable itself lives.If Git was compiled without runtime prefix support, the compiled-in prefix will be substituted instead.
In the unlikely event that a literal path needs to be specified that should not be expanded, it needs to be prefixed by
./, like so:./%(prefix)/bin.
Upvotes: 0
Reputation: 361
Apparently, sometimes the cert files change so you need to keep a bundle of several , rather that just one! Moreover, I will recommend to try and maintain the secure connection rather that turning it off with:
git config --system http.sslVerify false
Or worse:
git config --global http.sslVerify false
That is a very bad practice and should be avoided at all causes.
So first, look up that bundle cert file. In Windows, it is located under the git installation dir, something like:
D:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crt
In Linux, you can try something like this (I haven't try this though):
$ curl-config --ca
**/etc/ssl/certs/ca-certificates.crt**
or maybe this other location:
**/etc/ca-certificates/extracted/ca-bundle.trust.crt**
Regardless where it maybe or the OS you are using once you get that bundle certification file, you then need to tell git to configure using that cert. You can modify the git.config file several why but one straight way is:
git config --system http.sslcainfo /bin/curl-ca-bundle.crt
I hope it helps. For more information there is this other discussion. Please let me know if it helps.
Upvotes: 9
Reputation: 363
check there may be a ssl file in somewhere else. I have the same problem in windows 10 installation and i solved it by making a usr directory and copy the content of ssl directory into usr directory.
Upvotes: 1
Related Questions
- SSL certificate rejected trying to access GitHub over HTTPS behind firewall
- git error: failed to push some refs to remote
- Git error on git pull (unable to update local ref)
- Unable to resolve "unable to get local issuer certificate" using git on Windows with self-signed certificate
- Git error: "Host Key Verification Failed" when connecting to remote repository
- "Unable to find remote helper for 'https'" during git clone
- git pull error :error: remote ref is at but expected
- Git push error '[remote rejected] master -> master (branch is currently checked out)'
- Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate