This issue has also occurred to me when trying to annotate, and several other gems (as a test). It occurred to me earlier today intermittently but is now preventing me from installing any gem.

In the meantime downgrading back to v 2.0.3 for now seems to have resolved this issue.

I had the same problem. It looks like it is related to OpenSSL security certificates. This worked for me (OS X):

brew tap raggi/ale
brew install openssl-osx-ca

There are two possible causes for this:

1. You are missing certificates. This is unlikely as RubyGems ships with the certificates it needs to connect to https://rubygems.org
2. There is a timeout connecting to https://rubygems.org or (in your case) https://s3.amazonaws.com

Sadly, OpenSSL does not give good diagnostics for why there was a certificate verification failure. It could be either of the above problems.

PS: You should not use 2.0.3 as it is vulnerable to CVE-2013-4287 and CVE-2013-4363. Use 2.0.10 instead.

Oh, can you check for timeouts?

I'm not sure how I would check for timeouts, but I think the issue might be related to ruby 2.0.0-p247 because rubygems 2.0.3, 2.0.10 and 2.1.5 all fail with the same error when installed under this ruby version. However, rubygems 2.0.10 works fine under ruby 2.0.0-p0.

I don't think it would be a timeout, at least for me I receive the SSL failure immediately after trying to install a gem - that would be a short timeout.

I've asked @evanphx to look into updated certificates for Amazon S3, but since it seems to be related to your ruby version, perhaps @emboss has an idea?

Im seeing this error:

gem install redis -v '3.0.5'
ERROR:  Could not find a valid gem 'redis' (= 3.0.5), here is why:
          Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/specs.4.8.gz)

Same problem here:

$ gem install rake --verbose
GET https://rubygems.org/latest_specs.4.8.gz
302 Moved Temporarily
ERROR: Could not find a valid gem 'rake' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/latest_specs.4.8.gz)
HEAD https://rubygems.org/prerelease_specs.4.8.gz
302 Moved Temporarily
HEAD https://rubygems.org/specs.4.8.gz
302 Moved Temporarily

For the ones still getting this error, would you mind perform the following command with openssl ?

$ openssl s_client -connect rubygems.org:443 -showcerts -status < /dev/null

If you can make a gist with the complete output will allow us to verify the certs obtained from the server and then determine what could be the issue.

Thank you.

Here is the gist: https://gist.github.com/lucamug/6851433
Consider that I am using Windows 7.

I've been getting this error for a few days now.

My latest error message:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/gems/sass-3.2.12.gem)

I'm on OSX 10.7.5 with Ruby 2.0.0p247 and the latest version of rubygems:

$ uname -a
Darwin rivendell 11.4.2 Darwin Kernel Version 11.4.2: Thu Aug 23 16:25:48 PDT 2012; root:xnu-1699.32.7~1/RELEASE_X86_64 x86_64 i386 MacBookPro8,1 Darwin
$ ruby -v
ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin11.4.2]
$ gem -v
2.1.3

Here's my gist: https://gist.github.com/nmarley/6858578

I've been having this issue also since friday (when I tried to install the flickraw gem). It worked before, first I thought might be a network issue but it wasn't since I tried it on different wireless and wired networks.

Doing a normal bundle install works, if you set the source insecurely. [edited by @drbrain to remove a broken fix]

Doing a gem install, like I need to do a specific bcrypt-ruby install for windows 7, it won't work.

@drbrain looking at the certificate issues, seems that the problem is not connecting to rubygems.org and the SSL, but the redirects to Amazon S3 for downloading the gems, which is resulting in the SSL error we are seeing.

Perhaps we can add these certificates too? I have a strong feeling this might be the issue.

I can't test this right now, but will be able to test something starting on Tuesday :cry:

@drbrain I think #673 might be the solution to this.

@luislavena A little late, but here it is: https://gist.github.com/bbuck/6c4831f21f53365c72df

That's a gist of executing the openssl command you gave.

My solution to this was to update my CA certs file for the instance of openssl that Ruby is linked against. Since I linked against a manually-compiled OpenSSL in /opt/openssl, the brew openssl-osx-ca command that @vencislaf recommended above didn't work for me. I manually ran the steps and created a certs.pem file via:

security find-certificate -a -p /Library/Keychains/System.keychain > /tmp/certs.pem
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> /tmp/certs.pem

Then I moved the file to the location specified by:

ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

I'm guessing Amazon updated an SSL cert file about 5 days ago, that or one of the bundled certs that was making this work expired at that time.

Just as a sidenote: In my case, upgrading from ruby 1.9.3p327 to 1.9.3p448 did the trick.

Had the same issue.. downgraded from Ruby 2.0.0-p247 to Ruby 1.9.3-p448 worked for me.

@brainmonger You shouldn't have to downgrade. Updating Rubygems to the latest version (gem update --system) should pull in the right SSL certs.

That's what I would've thought.. though I tried updating a couple times using: 'gem update --system' yet still came across the error.

I had the same problem and ended up having to update a certificate:

http://stackoverflow.com/questions/19215590/why-cant-i-install-any-gems-on-my-mac
rvm osx-ssl-certs update all

... and then I installed rails without rdoc or ri:
gem install rails --no-rdoc --no-ri
http://stackoverflow.com/questions/1381725/how-to-make-no-ri-no-rdoc-the-default-for-gem-install

Thanks @nmarley as a gem update --system fixed it for me w/ ruby 1.9.3p194 on Windows 7

I got a similar error running Ruby 2.0.0 on Windows 7. Updating system told me I was at the latest version. I installed Ruby 1.9.3 instead and that resolved the issue with certificates.

I'm still having this issue! I've tried everything above but I'm continuing to get SSL errors.

Update: I ran some $ security and everything's working fine now.

For a win platform a possible reason and its solution is https://gist.github.com/fnichol/867550 (ruby 2.1.4p265, Rails 4.1.8, win7)

Please try

https://gist.github.com/luislavena/f064211759ee0f806c88

Sorry for top posting. Sent from mobile.
On Dec 6, 2014 3:18 PM, "vchervanev" [email protected] wrote:

For a win platform a possible reason and its solution is
https://gist.github.com/fnichol/867550

Reply to this email directly or view it on GitHub
https://github.com/rubygems/rubygems/issues/665#issuecomment-65908083.

@vchervanev This fixed the issue for me (Windows 8.1, Ruby 2.0.0p353). Thanks! :+1:

@rmorrin I'd say luislavena's provided more information and probably a better solution https://gist.github.com/luislavena/f064211759ee0f806c88

@vchervanev I'll take a look - thanks!

[comment removed due to insecure fix by @drbrain]

My solution was (under linux), after trying other options:
gem source --add https://s3.amazonaws.com/production.s3.rubygems.org/
gem source --remove https://rubygems.org/

@danj3 the solution for Linux is the same I believe, you need the .pem file placed in the right place.

@vchervanev thank you so much! it really helped.

:+1: @danj3 works on Windows 7 64bits

:+1: @danj3 @fifahuihua

@vchervanev That solved the issue for me.

[Comment removed due to insecure fix by @drbrain]

@danj3 you're solution works fine ! ! ! ( Windows 7 Ultimate with railsinstaller-3.1.0 )
same with webdevilopers,, api solution is not working too!

@fifahuihua @webdevilopers switching the source to a non-HTTPS URI allows an attacker to install malicious gems. Use this guide to fix it properly: https://gist.github.com/luislavena/f064211759ee0f806c88

Hey there, I had the same problem. [REDACTED due to insecure gem download method]

guys, i figured how to fix this problem.
Check this out.

ERROR: Could not find a valid gem 'sass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ no such name (
https://rubygems.org/specs.4.8.gz)

1. go this website, download latest sass file
   https://rubygems.org/gems/sass
2. create new folder on C drive, name SASS file.
3. back to the command prompt
   cd C:¥SASS
   gem install sass

I hope you will be succeed.

@princeofstar you're installing a sass you downloaded to your harddrive. That is a workaround, but you will probably be better of by updating your rubygems in the long run.

This link contains the howto: "Installing using update packages (NEW)". Basically, you do the same thing you did with sass, but instead with rubygems itself. This will fix the problem for all future gems.

I am getting this error:
ERROR: Could not find a valid gem 'sass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect retur
ned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (
https://api.rubygems.org/latest_specs.4.8.gz)
Any workaround?

@anandasansol: yes, plenty. The short advice is to install a more up-to-date version of rubygems itself. Please have a look at the post directly before your post. It contains a link to the solution. If there's something weird happening, please let us know!

@Jemma5 - your solution worked for me on 2.2.2 . Thanks!

@steveharville it should be noted that this is not a good idea. As indicated by the warning you get from following that workaround. It's a temporary help, at best!

Public service announcement for everyone wanting a Solution

There's one solution to this problem, and it's updating your rubygems. Everything else is just a workaround. Please follow the instructions by @luislavena, described in detail here: https://gist.github.com/luislavena/f064211759ee0f806c88#installing-using-update-packages-new

Please don't use the other workarounds, especially not those, that favor insecure HTTP connections.

_This message has been edited to fix formatting snafu when replied by email_

The reason people are going for the bad/easy solution is because the right solution is not as easy as it should be, i.e. cut and paste.

If you have 2.x>, this fancy automatic solution should(might) work for unix/osx:

ruby -ruri -ropen-uri -e 'v={"2.2"=>"2.2.3","2.0"=>"2.0.15","1.8"=>"1.8.30"}[Gem::VERSION.split(".")[0..1].join(".")];uri=URI.parse("https://github.com/rubygems/rubygems/releases/download/v#{v}/rubygems-update-#{v}.gem");File.write("/tmp/rubygems-update.gem",uri.read)'; gem install --local /tmp/rubygems-update.gem; update_rubygems --no-ri --no-rdoc; rm /tmp/rubygems-update.gem

The 1.8.x version would be:

curl https://github.com/rubygems/rubygems/releases/download/v1.8.30/rubygems-update-1.8.30.gem > /tmp/rubygems-update.gem; gem install --local /tmp/rubygems-update.gem; update_rubygems --no-ri --no-rdoc; rm /tmp/rubygems-update.gem

The other versions, broken out are:

2.2.x:

curl https://github.com/rubygems/rubygems/releases/download/v2.2.3/rubygems-update-2.2.3.gem > /tmp/rubygems-update.gem; gem install --local /tmp/rubygems-update.gem; update_rubygems --no-ri --no-rdoc; rm /tmp/rubygems-update.gem

2.0.x:

curl https://github.com/rubygems/rubygems/releases/download/v2.0.15/rubygems-update-2.0.15.gem > /tmp/rubygems-update.gem; gem install --local /tmp/rubygems-update.gem; update_rubygems --no-ri --no-rdoc; rm /tmp/rubygems-update.gem

After all that, if you made the http (bad) fix, do this:

gem sources --add https://rubygems.org
gem sources --remove http://rubygems.org

Unless there's a bug/typo in the above, this should put the whole problem to rest. Best of luck.

Dan

On Jun 11, 2015, at 0425, Claudius Coenen <[email protected] notifications@github.com> wrote:

@steveharville it should be noted that this is not a good idea. As indicated by the warning you get from following that workaround. It's a temporary help, at best!

Public service announcement for everyone wanting a Solution

There's one solution to this problem, and it's updating your rubygems. Everything else is just a workaround. Please follow the instructions by @luislavena, described in detail here: https://gist.github.com/luislavena/f064211759ee0f806c88#installing-using-update-packages-new https://gist.github.com/luislavena/f064211759ee0f806c88#installing-using-update-packages-new

Please don't use the other workarounds, especially not those, that favor insecure HTTP connections.

—
Reply to this email directly or view it on GitHub.

Thank you.

Caan anyone help with an answer on how to resolve this error.:
C:\DevKit>gem install json --platform=ruby
ERROR: Could not find a valid gem 'json' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - Errno::ECONNABORT
ED: An established connection was aborted by the software in your host machine.

• SSL_connect (https://api.rubygems.org/specs.4.8.gz)

Mine issue is a bit different...
Can anyone help with an answer on how to resolve this error.:
C:\DevKit>gem install json --platform=ruby
ERROR: Could not find a valid gem 'json' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - Errno::ECONNABORT
ED: An established connection was aborted by the software in your host machine.

SSL_connect (https://api.rubygems.org/specs.4.8.gz)

@collins001 what RubyGems version are you using? If ruby is trying to download specs.4.8 you likely have an out-of-date version which does not have the correct CA certificates to securely connect to RubyGems.org.

Updating system gems worked for me under bundler:

In my Gemfile:

source 'https://rubygems.org'

(gem spec here)

In elevated powershell:

gem update --system

I still have the problem with gem.

this is a fresh install ruby version 2.2.5p319 from http://rubyinstaller.org/

Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

ruby version 2.2.5p319
gem version 2.4.5.1
OS: window 7 64bit

Have anyone an idea to solve this?
Thanks you in advance.

Having this problem too. Wonder what's the cause. I noticed api.rubygems.org has a "too many redirects" error

@vtanathip There's a workaround here: http://guides.rubygems.org/ssl-certificate-update/
You just need to drop the correct GlobalSign root CA into your rubygems ssl_certs folder.

If you watch it fail in procexp you can see it's also trying to find SSL certs in a folder under C;\Users\Justin, so this probably does work for whoever builds the Windows releases at rubyinstaller.org.

@RupW Thanks, that's help!!!

Have to say that document resolved my issues. :+1:

Hope someone that have the same problem will resolve it.

FYI: I use MANUAL SOLUTION TO SSL ISSUE

I fixed mine by manually installing rubygems and upgrading openssl on osx yosemite

Neither @RupW or @Fire-Dragon-DoL 's suggestions worked for me (OSX Yosemite 10.10.5). RubyGems version 2.6.7. Still getting the same error message. Does anyone have other suggestions?

@rishifactual As someone pointed out, it's a problem with RVM rubies, they are built with old openssl. Update openssl, reinstall your ruby with rvm install 2.3.1 --disable-binary, which will force a recompile instead of using rvm binaries. This should address the issue.

perfect! Thanks

https://github.com/rubygems/rubygems/issues/1745

[REDACTED due to creating a security vulnerability]

That's not a solution, you are trading security (a big one) if you use http instead of https, please regret from even recommending that.

@Fire-Dragon-DoL I redacted it here and flagged it on stack overflow

Fix is here http://guides.rubygems.org/ssl-certificate-update/#background it is working on windows 10 x64

@officialmmt nope, I applied that fix and didn't work, the only fix currently was recompiling the rubies

@officialmmt slight alteration for your instructions. I copied the global.pem then I made sure I remove all sources using

gem source --list
gem source --remove ...

Finally I added back rubygems.org

gem source --add https://rubygems.org/

I had to reinstall openssl:

brew uninstall --force openssl
brew install openssl

I am still getting this error with a fresh install on windows

I got this error also. The cause is gem is updated and also the certificates.

Please follow this guide to update gem & the certificates, it helped me out.

http://guides.rubygems.org/ssl-certificate-update/

This solution did not work for me..If you are facing the same.. try the steps from [REDACTED, advocates insecure connections]
Worked for me!!

@omidheshmatinia: This is in secure way, better follow my way if it works. Or @ccoenen is ok also.

(Edit: the link to the insecure answer was removed, the following is no longer relevant to this discussion, it is referring to the VERIFY_NONE pattern which is a bad idea but which is nonetheless often suggested)

I flag this answer whenever I see it on Stack Overflow, but the moderators there usually don't agree with my assessment that a dangerous way should not be on that site. It appears to be quite hard to understand that YOU ARE F*CKING OPEN TO ALL KINDS OF ATTACKS if you miss that tiny little s in your gem sources.

In my case:

• OSX 0.12.6
• Ruby 2.0.0-p247
• rbenv 1.1.1-28-gb943955

Updating Ruby to 2.4.2 made the trick.

This worked for me https://gist.github.com/fnichol/867550

Reinstalling Ruby worked for me:

1. rvm uninstall 2.7.1
2. rvm install 2.7.1