Rubygems: gem install error - SSL issue
Hello!
I'm having trouble with installing ruby rails 2.0.0 x32. After command C:\>gem instal rails comes:
ERROR: Could not find a valid gem 'rails' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect retur
ned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (
https://rubygems.org/latest_specs.4.8.gz)
I tried replacing certificate manually, but it didn't help. Maybe someone knows how to solve this?
I will abide by the code of conduct.
sancxa
All 20 comments
Hi! If you could do the following two things, it would help with debugging:
- Update to RubyGems 2.6.8 (
gem update --system) and try again, and tell us any errors it generates. (It has better SSL-related errors.) - Provide the output of
gem env.
Thanks!
duckinator
on 2 Nov 2016
Thank you for response!
Command gem update --system is not willing to work, it says that I have latest version. So i updated it manually.
Now, after executing gem install rails, it gives out :
°C:\>gem install rails
Fetching: i18n-0.7.0.gem (100%)
Successfully installed i18n-0.7.0
Fetching: thread_safe-0.3.5.gem (100%)
Successfully installed thread_safe-0.3.5
Fetching: tzinfo-1.2.2.gem (100%)
Successfully installed tzinfo-1.2.2
Fetching: minitest-5.9.1.gem (100%)
Successfully installed minitest-5.9.1
Fetching: concurrent-ruby-1.0.2.gem (100%)
Successfully installed concurrent-ruby-1.0.2
Fetching: activesupport-5.0.0.1.gem (100%)
ERROR: Error installing rails:
activesupport requires Ruby version >= 2.2.2.
Ruby gems environment:
C:\>gem env
RubyGems Environment:
- RUBYGEMS VERSION: 2.6.8
- RUBY VERSION: 2.0.0 (2015-08-18 patchlevel 647) [i386-mingw32]
- INSTALLATION DIRECTORY: C:/Ruby200/lib/ruby/gems/2.0.0
- USER INSTALLATION DIRECTORY: C:/Users/SandraB/.gem/ruby/2.0.0
- RUBY EXECUTABLE: C:/Ruby200/bin/ruby.exe
- EXECUTABLE DIRECTORY: C:/Ruby200/bin
- SPEC CACHE DIRECTORY: C:/Users/SandraB/.gem/specs
- SYSTEM CONFIGURATION DIRECTORY: C:/ProgramData
- RUBYGEMS PLATFORMS:
- ruby
- x86-mingw32
- GEM PATHS:
- C:/Ruby200/lib/ruby/gems/2.0.0
- C:/Users/SandraB/.gem/ruby/2.0.0
- GEM CONFIGURATION:
- :update_sources => true
- :verbose => true
- :backtrace => false
- :bulk_threshold => 1000
- REMOTE SOURCES:
- https://rubygems.org/
- SHELL PATH:
- C:\Program Files (x86)\Rockwell Software\RSCommon
- C:\ProgramData\Oracle\Java\javapath
- c:\Program Files (x86)\Intel\iCLS Client\
- c:\Program Files\Intel\iCLS Client\
- C:\Windows\system32
- C:\Windows
- C:\Windows\System32\Wbem
- C:\Windows\System32\WindowsPowerShell\v1.0\
- C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
- C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
- C:\Program Files\Intel\WiFi\bin\
- C:\Program Files\Common Files\Intel\WirelessCommon\
- C:\Program Files (x86)\Windows Live\Shared
- C:\Program Files (x86)\Skype\Phone\
- C:\Ruby200\bin
- C:\BC5\BIN
I hope this helps somehow. Thank you!
sancxa
on 2 Nov 2016
I've been suffering the same issue on MacOsX 10.10
Already tried to implode (remove) RVM, reinstall everything, even updating and symlinking OpenSSL to version 1.0.2j... and of course both solutions explained in http://guides.rubygems.org/ssl-certificate-update/ However, it's refusing to work :-/
Outputs from gem update --system; gem env; and gem installation, like gem install bundler
$ gem update --system
ERROR: SSL verification error at depth 2: certificate has expired (10)
ERROR: Certificate /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA expired at 2014-01-28T12:00:00Z
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
$ gem env
RubyGems Environment:
- RUBYGEMS VERSION: 2.6.8
- RUBY VERSION: 2.3.1 (2016-04-26 patchlevel 112) [x86_64-darwin14]
- INSTALLATION DIRECTORY: /Users/javi/.rvm/gems/ruby-2.3.1
- USER INSTALLATION DIRECTORY: /Users/javi/.gem/ruby/2.3.0
- RUBY EXECUTABLE: /Users/javi/.rvm/rubies/ruby-2.3.1/bin/ruby
- EXECUTABLE DIRECTORY: /Users/javi/.rvm/gems/ruby-2.3.1/bin
- SPEC CACHE DIRECTORY: /Users/javi/.gem/specs
- SYSTEM CONFIGURATION DIRECTORY: /Users/javi/.rvm/rubies/ruby-2.3.1/etc
- RUBYGEMS PLATFORMS:
- ruby
- x86_64-darwin-14
- GEM PATHS:
- /Users/javi/.rvm/gems/ruby-2.3.1
- /Users/javi/.rvm/gems/ruby-2.3.1@global
- GEM CONFIGURATION:
- :update_sources => true
- :verbose => true
- :backtrace => false
- :bulk_threshold => 1000
- REMOTE SOURCES:
- https://rubygems.org/
- SHELL PATH:
- /Users/javi/.rvm/gems/ruby-2.3.1/bin
- /Users/javi/.rvm/gems/ruby-2.3.1@global/bin
- /Users/javi/.rvm/rubies/ruby-2.3.1/bin
- /Users/javi/.nvm/versions/node/v5.10.1/bin
- /usr/local/sbin
- /usr/local/bin
- /Users/javi/Code/android/ndk
- /Users/javi/Code/android/sdk/tools
- /Users/javi/Code/android/sdk/build-tools/24.0.2
- /Users/javi/Code/android/sdk/platform-tools
- /usr/local/heroku/bin
- /usr/local/bin
- /usr/bin
- /bin
- /usr/sbin
- /sbin
- /opt/X11/bin
- /usr/local/MacGPG2/bin
- /Users/javi/.rvm/bin
- /Users/javi/.rvm/bin
$ gem install bundler
ERROR: SSL verification error at depth 2: certificate has expired (10)
ERROR: Certificate /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA expired at 2014-01-28T12:00:00Z
ERROR: SSL verification error at depth 2: certificate has expired (10)
ERROR: Certificate /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA expired at 2014-01-28T12:00:00Z
ERROR: SSL verification error at depth 2: certificate has expired (10)
ERROR: Certificate /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA expired at 2014-01-28T12:00:00Z
ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
ERROR: SSL verification error at depth 2: certificate has expired (10)
ERROR: Certificate /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA expired at 2014-01-28T12:00:00Z
Any thoughts?
jrub
on 2 Nov 2016
For some reason your cert bundle has the old GlobalSign CA certificate that was refreshed in 2007.
I'm not sure why someone thought distributing a certificate that is nine years out of data is a good idea, but it's still floating around. You'll need to remove this CA cert from your trusted certificates list. I'm not sure where to download it from, though.
drbrain
on 2 Nov 2016
… download it from so you can find out where it lives in your CA bundle in PEM format.
drbrain
on 2 Nov 2016
I don't understand why or how I have that cert. I even manually removed the one inside /.rvm/rubies/ruby-2.3.1/lib/ruby/site_ruby/2.3.0/rubygems/ssl_certs/rubygems.org and added the one from http://guides.rubygems.org/ssl-certificate-update/#manual-solution-to-ssl-issue
Also, my mac KeyChain only have GlobalSign certs expiring on 2028
jrub
on 2 Nov 2016
The one in rubygems/ssl_certs should be the up-to-date one, maybe it lives in ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'
drbrain
on 2 Nov 2016
ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'
"/usr/local/etc/openssl/cert.pem"
that cert is "com.apple.systemdefault"
I really can't find any expired cert on my system :-(
jrub
on 3 Nov 2016
dumped RVM and switched to rbenv, just in case. Same results
jrub
on 3 Nov 2016
If I switch to ruby system version, it works. However it installs the gems globally onto the system of course (/Library/Ruby/Gems/2.0.0) :-/ I've never had any of this problems in years using rvm/rubygems
jrub
on 3 Nov 2016
for me worked very fine:
ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'that outputs"/usr/local/etc/openssl/cert.pem"mv /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.old
now the brand new certificate I downloaded is the default one.
thank you @drbrain for the clue
jlaso
on 20 Dec 2016
Thank you Jlaso! You're the man!
samguergen
on 10 Jan 2017
@jlaso You are my hero. I was on hour four of debugging tonight. Thank you!!!
MarinaNitze
on 23 Apr 2017
Thanks @jlaso
alliesground
on 19 Jun 2017
yes thanks @jlaso! fwiw I also had to mv a cert at /etc/openssl/cert.pem
actonric
on 4 Aug 2017
I'm closing this, if anyone is having issues relating to SSL please open a new issue with the details of your problem.
colby-swandale
on 4 Sep 2017
Not sure if this is worth posting, but to download the new cert after @jlaso's fix, one should be able to just use:
rvm osx-ssl-certs update all
corbettwood
on 29 Dec 2017
My issue: ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE' returns /usr/local/ssl/cert.pem However, mv /usr/local/ssl/cert.pem /usr/local/ssl/cert.pem.old returns mv: cannot stat '/usr/local/ssl/cert.pem': No such file or directory
What worked for me:
create a new file called cert.pem in my cert location (/usr/local/ssl/) and paste the cert from here https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem into it.
Hope it helps someone.
smilebot
on 28 Apr 2019
@smilebot
Thanks for posting!!
That seems to do the trick with Ubuntu 18.10.
ArleyCH
on 29 Apr 2019
@smilebot
Thank you, man!
f-squirrel
on 10 Mar 2020
Related issues
sebroeder
·
3Comments
adrianomitre
·
5Comments
morgoth
·
4Comments
jrochkind
·
3Comments
jasnow
·
3Comments
Most helpful comment
for me worked very fine:
ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE'that outputs"/usr/local/etc/openssl/cert.pem"mv /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.oldnow the brand new certificate I downloaded is the default one.
thank you @drbrain for the clue