Curl Certificate Error when Using RVM to install Ruby 1.9.2

Question

RVM is running into a certificate error when trying to download Ruby 1.9.2. It looks like curl is having a certificate issue but I am not sure how to bypass it. I have included the exact error info below.

$ rvm install 1.9.2
Installing Ruby from source to: /Users/willdennis/.rvm/rubies/ruby-1.9.2-p180, this may take a while depending on your cpu(s)...

ruby-1.9.2-p180 - #fetching 
ERROR: Error running 'bunzip2 '/Users/willdennis/.rvm/archives/ruby-1.9.2-p180.tar.bz2'', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/extract.log
ruby-1.9.2-p180 - #extracting ruby-1.9.2-p180 to /Users/willdennis/.rvm/src/ruby-1.9.2-p180
ruby-1.9.2-p180 - #extracted to /Users/willdennis/.rvm/src/ruby-1.9.2-p180
Fetching yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/archives

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log. Next we'll try to fetch via http.
Trying http:// URL instead.

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log
Extracting yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/src
ERROR: Error running 'tar zxf /Users/willdennis/.rvm/archives/yaml-0.1.3.tar.gz -C /Users/willdennis/.rvm/src --no-same-owner', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/extract.log
/Users/willdennis/.rvm/scripts/functions/packages: line 55: cd: /Users/willdennis/.rvm/src/yaml-0.1.3: No such file or directory
Configuring yaml in /Users/willdennis/.rvm/src/yaml-0.1.3.
ERROR: Error running ' ./configure --prefix="/Users/willdennis/.rvm/usr"  ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/configure.log
Compiling yaml in /Users/willdennis/.rvm/src/yaml-0.1.3.
ERROR: Error running '/usr/bin/make ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.log
Installing yaml to /Users/willdennis/.rvm/usr
ERROR: Error running '/usr/bin/make install', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.install.log
ruby-1.9.2-p180 - #configuring 
ERROR: Error running ' ./configure --prefix=/Users/willdennis/.rvm/rubies/ruby-1.9.2-p180 --enable-shared --disable-install-doc --with-libyaml-dir=/Users/willdennis/.rvm/usr ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/configure.log
ERROR: There has been an error while running configure. Halting the installation.

How can I resolve or avoid this error?

The entire problem and suggested solution is stated in the the very lengthy error message. I don't think repeating that text in an answer here will help a lot. Start out by reading up on the mentioned URLs. — Daniel Stenberg, Jun 21 '11 at 06:42
@daniel Except that the normal way to make curl stop complaining about a bad SSL certificate, -k, cannot be used here, because curl is being driven by rvm. BTW, you should think carefully about whether you really do want to allow curl to ignore bad SSL certs. One thing you can try is to give curl a [newer CA bundle](http://groups.google.com/group/rubyversionmanager/msg/3e13035183f4fd99). @dorothy's answer below should work. — Dan Barowy, Jul 07 '11 at 03:04
@dan: so read the error message again. It does not particularly suggest you ignore bad certificates (I wrote that error message), it clearly explains what you can do and it does provide a URL with a full description including details on how to get updated CA certificates. — Daniel Stenberg, Jul 07 '11 at 21:19
@daniel: the point is that the error message is for curl, not rvm! You can read curl's suggested solution all you want, but if you can't modify rvm's invocation of curl, you're stuck. I myself tried updating curl's SSL bundle (setting CURL_CA_BUNDLE) and it didn't work-- there is _actually_ something wrong with remote SSL cert that hosts the yaml tarball, not just an out-of-date curl CA bundle. Telling a user to RTFM is fine if reading the output really _does_ fix the problem, but that is _not_ the case here. Again, see the answer below which _actually_ fixes the problem. — Dan Barowy, Jul 08 '11 at 18:28
That is probably _a_ solution, but the curl output is crystal clear and the reason for that output is stated in the error description. — Daniel Stenberg, Jul 10 '11 at 09:10
had you installed all the previous dependencies in order to compile that Ruby version ? — eveevans, Jun 20 '11 at 16:24
Upgrading RVM to the latest version (`rvm get stable`) fixed this problem for me. — sluukkonen, Apr 30 '12 at 12:45

jwadsack · Answer 1 · 2013-05-23T19:03:54.960

126

In case any one else comes across this while trying to update to 1.9.3 (although version probably doesn't matter), check the version of rvm that you have. Wayne seems to have moved from rvm.beginrescueend.com to rvm.io. The old site's security certificate has expired, so curl's response is correct.

Updating rvm from the new site fixed this problem and allowed me to move forward.

$ \curl -L https://get.rvm.io | bash -s stable --rails --autolibs=enabled

Update: As @rodgerdpack mentioned, the command changes and I've updated the above. In general, see https://rvm.io/ for the latest.

edited May 23 '13 at 19:03

answered Apr 09 '12 at 21:28

jwadsack

5,708
2
40
50

1

I wish I'd seen this answer first. Installing 1.9.3 on Mac OS X with RVM wasn't working, even with the solutions proposed above. Updating RVM did the trick, though. – chris_radcliff Apr 11 '12 at 19:53
This was what did it for me too (upgrading from 1.9.2 to 1.9.3) thanks @jwadsack – Anna Billstrom Jul 31 '12 at 16:12
these days running the command you mention gives a message that says "you are running an old and broken ubuntu package, see http://stackoverflow.com/questions/9056008/installed-ruby-1-9-3-with-rvm-but-command-line-doesnt-show-ruby-v/9056395#9056395 for how to fix it" – rogerdpack Dec 26 '12 at 16:20

score 40 · Answer 2 · answered Oct 26 '11 at 10:39

40

If do not want to change the script AND you do not want to add a cert "for ever" to the cert bundle. There is a very nice and quick solution:

#to download the cert
wget http://curl.haxx.se/ca/cacert.pem
#to let curl use it for the next calls
export CURL_CA_BUNDLE=~/cacert.pem

Then run your script. To reset the environment variable (for subsequent script calls that should not use this cert) re-login to your system or unset the environment variable:

export CURL_CA_BUNDLE=

answered Oct 26 '11 at 10:39

DanielaWaranie

1,405
1
17
22

This fixed an issue with yaml, but I have separate issues with some other part of the complication. – Emerson Nov 08 '11 at 22:40
4

Now i can get rvm to install on CentOS. Thanks you very much – channa ly Dec 13 '11 at 09:02
Does nothing on OSX Lion w/ rvm 1.8.3. – Mark Richman Apr 21 '12 at 15:54
Works well on Centos5.4. Thank you. – goofansu Jan 04 '13 at 09:35
Works like a charm on OSX Mountain Lion in order to get ruby 2.0.0. – Arkan Feb 24 '13 at 19:38
It does not work on 10.9.4. RVM ends with: curl: (77) error setting certificate verify locations: CAfile: /Users/veleno/cacert.pem CApath: none There was an error while trying to resolve rubygems version for 'latest'. Halting the installation. – Valerio Schiavoni Aug 12 '14 at 08:06
This is a fabulous solution. – Jacob CUI Mar 24 '15 at 00:23

score 21 · Answer 3 · answered Aug 02 '11 at 19:14

21

Curl is invoked in .rvm/scripts/fetch, which by default will be in your home directory.

Edit this using your favourite text editor: for example,

 nano ~/.rvm/scripts/fetch

In lines 56 and 58 (may vary with other versions of RVM, of course) you'll see two lines which begin

 fetch_command="curl ...

Simply add -k after curl, save and try again.

answered Aug 02 '11 at 19:14

Richard Fairhurst

816
1
7
15

9

It didn't work for me, but i followed your idea and found out this alternative: Create a ".curlrc" file in your home folder ('~/.curlrc') . Open it in any editor and type "insecure" into the file. Save the file and hope for the best. – Julian Weimer Sep 06 '11 at 17:46
8

RVM will never include that change, we discourage doing it this way, if you need to use insecure (-k) just call `echo insecure >> ~/.curlrc` or even better just update certificates per @dbikard instructions – mpapis Dec 10 '11 at 19:07
worked on debian squeeze. Even older posts can save a lot of time ;) thx! – 23tux Feb 16 '12 at 14:16
@mpapis I totally agree, but an error explaining e.g. user620965 's solution in the RVM install errors would be great – Houen Feb 20 '12 at 00:24
@Houen The error msg says that exactly ... i'm not sure if I could do anything more, feel free to open an issue https://github.com/wayneeseguin/rvm/issues if you know how it could be improved – mpapis Feb 20 '12 at 02:50
@mpapis huh, I completely missed it in mine - sorry for the confusion :-) – Houen Feb 20 '12 at 13:55
3

This is most likely because of the URL change to rvm.io mentioned in the post below and is the correct way to address this. You don't need to ignore SSL certs or curl behavior. Just update rvm from the proper URL by issuing $ curl -L get.rvm.io | bash -s stable as shown below – cclark Apr 23 '12 at 05:59
See @jwadsack's answer instead. – Marc-André Lafortune Apr 23 '12 at 12:40

score 20 · Answer 4 · edited Mar 27 '12 at 06:50

20

You need to download the ca certificate from http://curl.haxx.se/ca/cacert.pem and add them to your curl-ca-bundle-new.crt file.

To find the location of this file use:

   $ curl-config --ca

   /usr/share/curl/curl-ca-bundle.crt

Backup your curl-ca-bundle.crt file:

$ cp /usr/share/curl/curl-ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt.old

Then you want to concatenate the two file using:

$ cat cacert.pem /usr/share/curl/curl-ca-bundle.crt >> curl-ca-bundle-new.crt

edited Mar 27 '12 at 06:50

rafamvc

8,227
6
31
34

answered Jul 25 '11 at 13:49

dbikard

491
1
4
13

This (would have) saved me *HOURS* on OpenIndiana 151. If I could upvote more than once I would. – Andrew Burns Feb 08 '12 at 20:50
This worked for me on CentOS 5.8; Certs are located in /etc/pki/certs/ for those that need to find it on CentOS! – geedew Feb 21 '14 at 15:56
And what you do with the resulting curl-ca-bundle-new.crt? – Valerio Schiavoni Aug 12 '14 at 08:14
The new certificate file should be present in the directory found using 'curl-config --ca' . – Anirudh Mar 22 '15 at 06:09

Nick Messick · Answer 5 · 2012-08-20T18:07:49.930

17

Perhaps all these complicated solutions were once necessary, but now all you need to do is first upgrade RVM and your problem will be solved:

$ rvm get stable
$ rvm reload
$ rvm install ruby-1.9.3-p194

edited Aug 20 '12 at 18:07

answered May 04 '12 at 15:59

Nick Messick

3,202
3
30
41

2

Unfortunately, if your version of RVM is old enough, "rvm get head" doesn't even work. @jwadsack's answer explains why. – Alex D Aug 18 '12 at 15:03
yeah, that's true. Also, looking back at my answer, "rvm get head" isn't the best advice either. It really should be "rvm get stable". I am going to edit my answer to reflect this. – Nick Messick Aug 20 '12 at 18:07

score 14 · Answer 6 · answered Aug 02 '12 at 14:47

14

If you don't mind disabling certificate check in curl (I don't):

echo insecure > ~/.curlrc

answered Aug 02 '12 at 14:47

Vojto

6,901
4
27
33

score 11 · Answer 7 · answered Sep 29 '11 at 14:49

On Centos 5.6 (Final) I had a problem with installing rvm 1.9.2 The error was:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
ERROR: There was an error, please check /usr/local/rvm/log/ruby-1.9.2-p290/*.log. Next we'll try to fetch via http.
Trying http:// URL instead.

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
ERROR: There was an error, please check /usr/local/rvm/log/ruby-1.9.2-p290/*.log
ERROR: There has been an error while trying to fetch the source.  
Halting the installation.
ERROR: There has been an error fetching the ruby interpreter. Halting the installation.

Here is a list of actions which helped me to solve the problem

$ curl-config --ca # show path to the certificate
/usr/local/share/curl/curl-ca-bundle.crt
$ cd /usr/local/share/curl/ # go to that path
$ cp curl-ca-bundle.crt curl-ca-bundle.crt.bak # backup certificate
$ curl http://curl.haxx.se/ca/cacert.pem -o curl-ca-bundle.crt # download new
$ rvm install 1.9.2 # bingo it works

Btw curl version is curl 7.18.0 (to check '$ curl -V')

Good solution, in my case I had this error when executing "rvm get head". And be careful in linux with the name of file curl-ca-bundle.crt ! is different — Albert Català, Dec 12 '13 at 10:49

score 3 · Answer 8 · answered Sep 27 '11 at 18:22

I was attempting to install ruby-1.9.2-p290 and came across the same problem. After running which curl and realizing that the curl instance was coming from an installation of MAMP on my system (OS X Snow Leopard), I reconfigured my PATH variable to use the system default at /usr/bin/curl. Using this version, curl 7.19.7, I had no problem installing the latest version of Ruby with RVM.

score 2 · Answer 9 · answered Jul 05 '11 at 13:38

I had trouble installing 1.9.2 using RVM, here is my solution:

Download yaml-0.1.3.tar.gz from http://www.filewatcher.com/m/yaml-0.1.3.tar.gz.466845.0.0.html
Save it to /Users//.rvm/archives/yaml-0.1.3.tar.gz
Run these commands:

chmod 777 yaml-0.1.3.tar.gz

tar zxf /Users//.rvm/archives/yaml-0.1.3.tar.gz -C /Users//.rvm/src

I still got the file not found error but the installation went on to be successful

[2011-07-05 14:24:07] tar zxf /Users//.rvm/archives/yaml-0.1.3.tar.gz -C /Users//.rvm/src --no-same-owner tar (child): /Users//.rvm/archives/yaml-0.1.3.tar.gz: Cannot open: No such file or directory tar (child): Error is not recoverable: exiting now tar: Child returned status 2 tar: Error exit delayed from previous errors

I did something similar and worked out just fine: `wget http://pyyaml.org/download/libyaml/yaml-0.1.4.tar.gz; cp yaml-0.1.4.tar.gz /Users/yourname/.rvm/archives; rvm install default` — Wei, Dec 27 '11 at 15:02
Only this solution worked for me on Mac Osx Lion. Thanks alot! — treppo, Apr 07 '12 at 01:43

Duke3D · Answer 10 · 2011-07-26T17:02:07.317

Thank you Dorothy - this recipe worked for me with the following minor modifications for a Win7 environment:

For others with this issue -

Appreciate the discussion about updating the CA_Bundle - Good to do but it didn't help with this issue - the pyyaml website cert will still cause CURL to throw an error and since CURL is launched within the installer, no way to add a -k option.
Ruby 1.9.2-p290 is trying to install YAML 0.1.4 so Google for a mirror and download that version - YAML-0.1.3 will have no effect in bypassing the issues.
You need to do the windows equivalent of CHMOD 777 - within the rvm/src folder to the extracted files. Change security so that everyone has ownership/all privileges and turn off the read-only attribute for all files and folders.

The installer will still throw errors when it tries to download (CURL error), but will resume by trying to extract. The extraction will throw errors because the tarball is already extracted to the src folder. The next step of configuring YAML should work without errors if permissions in step 3 were set correctly and the installation should complete without further problems. (If installing via cygwin/bash, you will need to add a C compiler like 'gcc' and add 'ncurses' (tput command) and 'make' to the default core cygwin setup options.)

Uladz Kha · Answer 11 · 2012-09-25T21:35:40.340

0

$ sudo apt-get install curl

$ curl -L https://get.rvm.io | bash -s stable --ruby   with ruby

$ curl -L https://get.rvm.io | bash -s stable --rails   with rails

edited Sep 25 '12 at 21:35

answered Sep 25 '12 at 21:03

Uladz Kha

2,154
4
40
61

Curl Certificate Error when Using RVM to install Ruby 1.9.2

11 Answers11

Linked