46

I'm fairly new to github and git, but I do have git setup on my Mac (using Mavericks) and have added a repo on github. I'm using MAMP and working on a Drupal site, and when I try my first push to the repo, using git push origin master I get an error:

error: SSL certificate problem: Invalid certificate chain while accessing
    https://githib.com/...git/info/refs?service=git-receive-pack
fatal: HTTP request failed

I've looked around to try and make sense of this error without any luck. I'd greatly appreciate any help.

james
  • 707
  • 2
  • 6
  • 13
  • 1
    As the error message states, it's some kind of SSL/HTTPS error, where one of the SSL certificates in the chain is invalid. Possible duplicate of [SSL certificate rejected trying to access GitHub over HTTPS behind firewall](http://stackoverflow.com/q/3777075/456814) and [SSL certificate issue when trying to clone Git repository within Cygwin](http://stackoverflow.com/q/4652532/456814). One way to solve it is by using an SSH URI for your remote alias instead of HTTPS. Whatever you do, **DO NOT DISABLE SSL VERIFICATION** unless you're ***absolutely sure that it's safe*** in your situation. –  Apr 28 '14 at 02:50
  • Could this have anything to do with my keychain access showing: "com.apple.ubiquity.ssl-cert.78... self-signed root certificate expired Dec.12.2013 this root cerificate is not trusted"? This appears twice in my keychain list. I don't have any experience dealing with this kind of SSL. The only experience with SSL I have is getting them for ecommerce sites. – james Apr 28 '14 at 15:23
  • 1
    A self-signed certificate sounds like it could be your problem. Do you know why you have it in your keychain? Anyways, you could avoid the whole SSL issue altogether if you just use a `git://` SSH protocol URL for your GitHub repo instead, if that's an option. –  Apr 28 '14 at 15:44
  • I've setup SSH keys on my end but having trouble changing repo to SSH instead on https. from my .sh directory I'm adding: git remote set-url origin git://github.com/my-user-name/repo-name.git and what I get is: fatal: Not a git repository (or any of the parent directories): .git Can I just ceate another (SSH) repo or is there a way to change it? – james Apr 28 '14 at 22:56
  • You can clone another repo using a `git://` URL if you want, but the error message you're getting literally says that you're trying to run a command from a directory that isn't a git repo. `.sh` isn't supposed to be a git repo, is it? –  Apr 28 '14 at 23:05
  • oops, you're right. It was ".ssh", but I've gone to the directory where the repo is (my master) and the command seems to have worked- well it just returned, that is. So when I try: MacBook-Pro:[master-directory] username$ git push origin master fatal: remote error: You can't push to git://github.com/user-name/repo-name.git Use https://github.com/user-name/repo-name.git – james Apr 28 '14 at 23:33
  • This is the git protocol url for my [Git Ninja Toolkit](https://github.com/coldhawaiian/git-ninja-toolkit) repo: `git@github.com:coldhawaiian/git-ninja-toolkit.git`. It actually uses an [SCP-style](http://en.wikipedia.org/wiki/Secure_copy) URI (which uses SSH). See also [git-fetch: Git Urls](https://www.kernel.org/pub/software/scm/git/docs/git-fetch.html#_git_urls_a_id_urls_a). You can get your own SCP/SSH URI off of your repo's GitHub page from the sidebar on the right. Try that. –  Apr 28 '14 at 23:45
  • I tried it and it worked! I was able to push my master to origin. Thank you so much. – james Apr 29 '14 at 16:34

7 Answers7

115

if you use self generated ssl key, you can try this.

git config --global http.sslVerify false

Refer https://confluence.atlassian.com/display/FISHKB/Unable+to+clone+Git+repository+due+to+self+signed+certificate

thatsjoke
  • 1,199
  • 1
  • 8
  • 4
  • 1
    Fixed it for me – Konrad Sep 23 '16 at 12:53
  • 6
    You don't need to disable sslVerify. In mac, you can update your Keychain Access using safari to open your git server, then check Always Trust. Then, update ~/.gitconfig to your self generated ssl certificate. – Ben P.P. Tung Nov 02 '16 at 13:58
61

I recently (Jul 2014) had a similar issue and found on OS X (10.9.4) that there was a "DigiCert High Assurance EV Root CA" certificate had expired (although I had another unexpired one as well).

  1. Open Keychain Access
  2. search Certificates for "DigiCert"
  3. View menu > Show Expired Certificates

I found two certificates named "DigiCert High Assurance EV Root CA", one expiring Nov 2031 and the expired one at July 2014 (a few of days previously). Deleting the expired certificate resolved the issue for me.

Hope this helps.

craigb
  • 16,827
  • 7
  • 51
  • 62
  • 2
    This fix worked for me too. Official answer found on DigiCert's site: [Fix for an Expired Intermediate SSL Certificate Chain](https://blog.digicert.com/expired-intermediate-certificate/) – mhulse Jul 28 '14 at 22:52
8

Check your clock! In my case I was using HTTPS but my clock was wrong, I disabled SSL but eventually I realized the problem was the clock. Updating the clock and reenabling SSL did the trick:

git config --global http.sslVerify true
fpg1503
  • 7,492
  • 6
  • 29
  • 49
2

Wondering when this has changed or why it worked for others, but for me the solution was basically to use https instead of http:

git config --global https.sslVerify false
Roland
  • 22,259
  • 4
  • 57
  • 84
  • Oddly this worked for me, to get back to producing. Yet, not satisfactory: nothing that I am aware of changed on origin, so why should sslVerify be set to false? – Jerome Apr 19 '21 at 11:38
0

I got this error after having been able to clone lots of repos with no problem. The problem was that I had a typo in my repo url's domain (github.om instead of github.com). I'm sure this error is correct in some way but not the most helpful for this specific problem.

Jake
  • 2,852
  • 7
  • 32
  • 39
0

We had this error in one of our Git servers that was using a non self-signed certificate. We have been able to identify it and to fix it: it was caused by an intermediate certificate (GlobalSign G2 certificate) that was not registered in our reverse proxy in front of the Git server (we are using HTTPS until the reverse proxy).

This bug report helped us to identify the cause.

We are using nginx as reverse proxy. The official documentation give insights.

And this tutorial explains how to fix it.

jplandrain
  • 2,278
  • 4
  • 24
  • 24
0

I was seeing this error from Visual studio 2019 when trying to pull the code. To fix the issue, Enable Secure Channel in Global settings ( Go to Tools --> Options --> Source Control --> Git Global Settings --> from Cryptographic network provider dropdown select "Secure Channel".

Note : if you dont see the git global setting option in source control

  1. install all the updates for visual studio ( check the bell icon bottom right most icon on ready bar from visual studio)
  2. install Github extension for Visual studio package ( Go to Extensions --> Manage Extensions --> search for the package. Note that, the package will be installed when you close the visual studio editor)
RaturiMic
  • 73
  • 1
  • 8