Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid certificate chain for Ubuntu 18-supported certificate #6197

Closed
l-astro opened this issue Sep 20, 2019 · 6 comments
Closed

Invalid certificate chain for Ubuntu 18-supported certificate #6197

l-astro opened this issue Sep 20, 2019 · 6 comments
Labels
Support Support question

Comments

@l-astro
Copy link

l-astro commented Sep 20, 2019

Details

I'm getting the same error as #1885 and #2226. Our certificate is supported by Ubuntu 18, but not 16... I can git clone the repo on my mac without issue.

  • Read the Docs project URL: data-central.readthedocs.io

Expected Result

git clone over https

Actual Result

Received the following error at the git clone step:

// ... server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
@stsewd
Copy link
Member

stsewd commented Sep 23, 2019

We actually use ubuntu 18 on our current docker images. I tried on my local computer (fedora 30)

/tmp ⌚ 13:27:47
$ git clone --no-single-branch --depth 50 https://dev.aao.org.au/datacentral/public/dcmetadata-docs.git   
Cloning into 'dcmetadata-docs'...
fatal: unable to access 'https://dev.aao.org.au/datacentral/public/dcmetadata-docs.git/': SSL certificate problem: unable to get local issuer certificate

@stsewd stsewd added Needed: more information A reply from issue author is required Support Support question labels Sep 23, 2019
@l-astro
Copy link
Author

l-astro commented Oct 1, 2019

Sorry, I'm not sure what additional info is needed here from our side, can you please clarify? We can git clone on Mac Mojave 10.14.6 and Ubuntu 18.

@no-response no-response bot removed the Needed: more information A reply from issue author is required label Oct 1, 2019
@drsimmo
Copy link

drsimmo commented Oct 1, 2019

A git clone of this repository also works with macOS High Sierra 10.13.6. It does not work with Ubuntu 16.04 or earlier.

The certificate from https:/dev.aao.org.au is from COMODO (now Sectigo) and was issued in December 2018.

@stsewd
Copy link
Member

stsewd commented Oct 3, 2019

This is from our docker images

~ ⌚ 15:52:42
$ docker run -it --rm readthedocs/build bash
stsewd@e1e22ecd6b21:/$ git --version
git version 2.17.1
stsewd@e1e22ecd6b21:/$ cd /tmp
stsewd@e1e22ecd6b21:/tmp$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.2 LTS
Release:	18.04
Codename:	bionic
stsewd@e1e22ecd6b21:/tmp$ git clone --no-single-branch --depth 50 https://dev.aao.org.au/datacentral/public/dcmetadata-docs.git
Cloning into 'dcmetadata-docs'...
fatal: unable to access 'https://dev.aao.org.au/datacentral/public/dcmetadata-docs.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
stsewd@e1e22ecd6b21:/tmp$

If you know what is required to fix this, a PR should be done in https://github.com/readthedocs/readthedocs-docker-images

@drsimmo
Copy link

drsimmo commented Oct 17, 2019

Hi,
It turns out that this was caused by the way that gitlab required SSL certificates to be chained. I correct the order of the certificates (on https://dev.aao.org.au) and this has resolved the issue. I guess that git on a Mac is not strict about this?
Anyway, thanks!

@stsewd
Copy link
Member

stsewd commented Oct 17, 2019

Great! Glad that you figured out :)

@stsewd stsewd closed this as completed Oct 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Support Support question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stsewd @drsimmo @l-astro