When using rvm ruby 3.0.0 OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Question

Description

Hi we are using rvm on macos-big sur AWS ec2 machines but it seems that there is an issue with rvm and openssl

Steps to reproduce

We installed rvm and ruby via packer

brew install gpg2
echo " ------------------ GPG2 Installation completed -----------------------"
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -sSL https://rvm.io/pkuczynski.asc | gpg --import -
curl -sSL https://get.rvm.io | bash -s stable
source ~/.bash_profile && rvm install "ruby-3.0.0"

It looks okay

rvm use 3.0.0
openssl version
which openssl

Using /Users/ec2-user/.rvm/gems/ruby-3.0.0 /usr/bin/openssl LibreSSL 2.8.3

But when I

git clone https://github.com/mislav/ssl-tools.git
ruby ssl-tools/doctor.rb

I get an error

Using /Users/ec2-user/.rvm/gems/ruby-3.0.0 /Users/ec2-user/.rvm/rubies/ruby-3.0.0/bin/ruby (3.0.0-p0) OpenSSL 1.1.1m 14 Dec 2021: /usr/local/etc/openssl@1.1 SSL_CERT_DIR="" SSL_CERT_FILE=""

HEAD https://status.github.com:443 OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

The server presented a certificate that could not be verified: subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA error code 20: unable to get local issuer certificate

Possible causes: /usr/local/etc/openssl@1.1/cert.pem' does not exist /usr/local/etc/openssl@1.1/certs/' is empty

When I

brew doctor

I get

Using /Users/ec2-user/.rvm/gems/ruby-3.0.0 Please note that these warnings are just used to help the Homebrew maintainers with debugging if you file an issue. If everything you use Homebrew for is working fine: please don't worry or file an issue; just ignore this. Thanks!

Warning: Homebrew's "sbin" was not found in your PATH but you have installed formulae that put executables in /usr/local/sbin. Consider setting your PATH for example like so: echo 'export PATH="/usr/local/sbin:$PATH"' >> ~/.zshrc

Warning: Broken symlinks were found. Remove them with brew cleanup: /usr/local/etc/gnutls/cert.pem /usr/local/etc/openssl@1.1/cert.pem

Asked the same question in github.com/rvm

Answer 1

This was the solution that worked

In ~/.bashrc

# Add RVM to PATH for scripting. Make sure this is the last PATH variable change.
export PATH="$PATH:$HOME/.rvm/bin"

In ~/.bash_profile

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*

In ~/.zshrc

# Avoid warning: Homebrew's "sbin" was not found in your PATH but you have installed formulae that put executables in /usr/local/sbin
export PATH="/usr/local/sbin:$PATH"
# Add RVM to PATH for scripting. Make sure this is the last PATH variable change.
export PATH="$PATH:$HOME/.rvm/bin"

In provisioner

# Remove broken symlinks before using brew
/usr/local/bin/brew cleanup

/usr/local/bin/brew install gpg2
echo "------------------ GPG2 Installation completed -----------------"
curl -sSL https://rvm.io/mpapis.asc | /usr/local/bin/gpg --import -
curl -sSL https://rvm.io/pkuczynski.asc | /usr/local/bin/gpg --import -
curl -sSL https://get.rvm.io | bash -s stable --auto-dotfiles
source ~/.bash_profile