Ruby-build: Cannot install 2.3.0 on El Capitan

FWIW:

$ curl --version
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets 

$ brew info curl
curl: stable 7.46.0 (bottled) [keg-only]
Get a file from an HTTP, HTTPS or FTP server
http://curl.haxx.se/
/usr/local/Cellar/curl/7.46.0 (359 files, 3.1M)
  Poured from bottle
From: https://github.com/Homebrew/homebrew/blob/master/Library/Formula/curl.rb
==> Dependencies
Build: pkg-config ✘
Optional: openssl ✔, libidn ✘, rtmpdump ✘, libssh2 ✘, c-ares ✘, libmetalink ✘, libressl ✘, nghttp2 ✘
==> Options
--with-c-ares
    Build with C-Ares async DNS support
--with-gssapi
    Build with GSSAPI/Kerberos authentication support.
--with-libidn
    Build with support for Internationalized Domain Names
--with-libmetalink
    Build with libmetalink support.
--with-libressl
    Build with LibreSSL instead of Secure Transport or OpenSSL
--with-libssh2
    Build with scp and sftp support
--with-nghttp2
    Build with HTTP/2 support (requires OpenSSL or LibreSSL)
--with-openssl
    Build with OpenSSL instead of Secure Transport
--with-rtmpdump
    Build with RTMP support
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local.

OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/curl/lib
    CPPFLAGS: -I/usr/local/opt/curl/include


zsh completion has been installed to:
  /usr/local/share/zsh/site-functions

Force-linking homebrew's curl doesn't change the error message I get.

While I haven't yet found a solution to the SSL certificate problem, I was able to build the package I had manually downloaded as follows (thanks to the package-mirror section in the README):

$ mkdir ~/.rbenv/cache
$ mv ~/downloads/ruby-2.3.0.tar.bz2 ~/.rbenv/cache
$ rbenv install 2.3.0

That's really bizarre. You shouldn't need Homebrew's curl, as system one should work just fine and have CA bundle already set up.

To verify, does this fail in the same manner for you?

curl -OL https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.bz2

I thought it was odd too. Here's what I get from that command:

$ curl -OL https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.0.tar.bz2
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

@airblade Take a look at this https://superuser.com/questions/721778/can-not-clone-any-git-repository-from-github if it doesn't help you.

I've met several times with this kind of issue through several versions of Mac OS X.

@deepj Thanks, but it's not that. I don't have that expired DigiCert certficate in Keychain. Also when I visit https://cache.ruby-lang.org in Safari and examine the certificates, everything looks ok:

I was surprised to see that the not-valid-before date is today:

I remember looking at this certificate yesterday as well and the not-valid-before was yesterday's date. Are they updating their certificate daily I wonder? Would that confuse curl?

This seems to be a curl problem rather than a ruby-build one so I'll close this issue.

If anyone can suggest how to fix it I'd still love to hear about it :)

@airblade FYI, I just ran into this with ruby-build 20160602 but was able to work around it by

mkdir ~/.rbenv/cache

and then re-running

rbenv install 2.3.0

@simtel12, thanks for your answer.I could installed the ruby version 2.3.0