github: server certificate verification failed

git debian github

You can also disable SSL verification, (if the project does not require a high level of security other than login/password) by typing :

git config --global http.sslverify false

enjoy git :)


Make sure first that you have certificates installed on your Debian in /etc/ssl/certs.

If not, reinstall them:

sudo apt-get install --reinstall ca-certificates

Since that package does not include root certificates, add:

sudo mkdir /usr/local/share/ca-certificates/cacert.org
sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
sudo update-ca-certificates

Make sure your git does reference those CA:

git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

Jason C mentions another potential cause (in the comments):

It was the clock. The NTP server was down, the system clock wasn't set properly, I didn't notice or think to check initially, and the incorrect time was causing verification to fail.

Certificates are time sensitive.


It can be also self-signed certificate, etc. Turning off SSL verification globally is unsafe. You can install the certificate so it will be visible for the system, but the certificate should be perfectly correct.

Or you can clone with one time configuration parameter, so the command will be:

git clone -c http.sslverify=false https://myserver/<user>/<project>.git;

GIT will remember the false value, you can check it in the <project>/.git/config file.


I also was having this error when trying to clone a repository from Github on a Windows Subsystem from Linux console:

fatal: unable to access 'http://github.com/docker/getting-started.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

The solution from @VonC on this thread didn't work for me.

The solution from this Fabian Lee's article solved it for me:

openssl s_client -showcerts -servername github.com -connect github.com:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p'  > github-com.pem
cat github-com.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt

I had a similar problem and got the error message:

fatal: unable to access XXXX server certificate verification failed. CAfile: none CRLfile: none

It suddenly happened when I had tried to connect to my regular (WORKING!) gitlab server, SSL created with letsencrypt, from git under WSL2 ubuntu.

There were no problems accessing the server from the browser, the SSL chain seemed OK when checking with tools like https://www.sslshopper.com/ssl-checker.html

you need to update your CA certificates.

sudo apt update
sudo apt upgrade
sudo apt-get install --reinstall ca-certificates
sudo update-ca-certificates


# now it should work perfectly
git pull

it might happend because of this:
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/

Related

How to toggle a UITextField secure text entry (hide password) in Swift?
B-tree faster than AVL or RedBlack-Tree? [closed]
Composer Update failed -- out of memory
no cached version available for offline mode
What USEFUL bitwise operator code tricks should a developer know about? [closed]
Google Maps SDK for iOS requires GoogleMaps.bundle to be part of your target under 'Copy Bundle Resources
How to logout and redirect to login page using Laravel 5.4?
Android: Creating a Circular TextView?
Set UITableView content inset permanently
CSS get height of screen resolution
SQLSTATE[HY000] [1698] Access denied for user 'root'@'localhost'
How come I can't remove the blue textarea border in Twitter Bootstrap?