fatal: unable to access 'https://xxxx.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Question

I am using a jupyter notebook in the cloud and I want to push my jupyter notebooks into gitlab.

I ran the following commands in the folder:

git init
git remote add origin https://xxx.git
git add .
git commit -m "first commit"
git push -u origin master

After the last command, I got the error:

error: src refspec master does not match any.

So I ran

git show-ref

This showed three refs

refs/heads/main

refs/remotes/origin/HEAD

refs/remotes/origin/main

Trying

git push origin HEAD:master

gave the error about failed certificate verification. What am I doing wrong?

Note that you have set yourself up to have a branch named `main` instead of a branch named `master`. *The branch names you use are unimportant to Git itself.* Use whichever one(s) you like. But if you plan to continue with the name `main`, run `git push origin main` to send your commits to GitHub and ask GitHub to create or update the name `main` on their side. Use `git push origin HEAD:master` to send the commits, regardless of which name *you* are using, and ask GitHub to create or update the name `master` on their side. There's no need to use the same names on each side, but ... — torek, Oct 20 '21 at 20:10
... but humans normally do that because otherwise it's too confusing for us. — torek, Oct 20 '21 at 20:10

score 1 · Accepted Answer · edited Oct 27 '21 at 11:17

1

Probably you don't have a trusted TLS¹ certificate in the server where you're hosting your GitLab instance.

Personally I would recommend you that you use trusted certificates, since the ones from Let's Encrypt are totally free, but in any case you can disable TLS¹ verification for a single command:

git -c http.sslVerify=false push origin -u

Or (don't do that and use trusted cerficates) disable it at all for all the repositories:

git config --global http.sslVerify false

_{*1: TLS is new (not so new) replacement for SSL.}

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.

- Wikipedia, Transport Layer Security link

edited Oct 27 '21 at 11:17

aljaxus

110
1
5

answered Oct 20 '21 at 12:30

Daniel Campos Olivares

2,262
1
10
17

Using `--global` for git-config but describing it as "for a given repository" → really? – iBug Oct 20 '21 at 12:32
Sorry, that was a problem with my English. I wanted to say to disable it for all given repositories. Thank you for noticing, I'll change it now. – Daniel Campos Olivares Oct 20 '21 at 12:46
1

FYI: You can just drop the `--global` flag so the setting is applied to a single local repository, where it'd be stored in `.git/config` of that repo instead of `~/.gitconfig`. – iBug Oct 20 '21 at 12:50

score 0 · Answer 2 · answered Sep 13 '22 at 10:35

Why disable ou bypass security ?

I found the problem. In my Nginx configuration, I had to provide "fullchain" certificate. Example:

ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot

Or for Apache configuration, check an older post here: PKIX path building failed: unable to find valid certification path to requested target

fatal: unable to access 'https://xxxx.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

2 Answers2