
SSL: 'unable to get local issuer certificate'

I am using OSX: 10.12.4

I originally was able to use git, homebrew and curl without any problems. I don't remember what I did to cause it, but all of a sudden these SSL errors started appearing in my git commands.

I get unable to get local issuer certificate errors on running any git command. In addition, I get the error when trying to reinstall git using brew install git.

The relevant part of brew output:

Downloading https://www.kernel.org/pub/software/scm/git/git-2.12.2.tar.xz

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

I have tried:

  • Rebooting
  • Moving the ~/Library/Keychains folder to ~/Desktop and then rebooting
  • Navigating to https://www.kernel.org/pub/software/scm/git on Safari, and viewing the certificate. According to [these instructions](cannot post more than 2 links, sorry), there should be a checkbox to "Always trust" the site. I do not see this checkbox.
  • I was going to try keychain first aid, however, this feature has been removed in the most recent Mac OS.
  • I tried looking through many other similar questions, however, with many, I had trouble understanding or following the instructions in the answers.

For example, perhaps squid808's answer to a similar question could help me. He says "Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust." I have little understanding of what this means or if it is relevant to me, or how I would go about doing this. Based on my research it seems like this is more for people running servers. It also seems to be for windows, and I am on Mac.

I understand that as a temporary fix I can use git config --global http.sslVerify false in addition to the -k option in curl. These workarounds are insecure, so I'd like to get my SSL security back up and running ASAP.

Output of curl -L https://homebrew.bintray.com/bottles/libpng-1.6.29.sierra.bottle.tar.gz | bash -s stable (part of a brew attempt that similarly fails)

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Apologies

  • If the following attempts I've made to solve this seem scattered and disorganized, it is because I am confused if this is an issue more relevant to git, curl, or perhaps neither and just SSL certificates in general. Please let me know if the tags for this question should be fixed.
  • I could have posted more relevant links and images, but I am limited by reputation.

I have another account that I was not able to maintain a positive reputation on. I am trying to identify and fix everything I was doing wrong before. Any feedback on how I can improve the quality of this question would be much appreciated. Thank you.

Matt Groth asked Apr 06 '17 01:04


2 Answers

I needed to run brew doctor and fix an issue. Then I needed to restart my shell. Finally, after those 2 steps, brew install worked again.

Unfortunately, I was not able to identify which warning was pointing at the perpetrator. When I first ran brew doctor, there were probably about 10 warnings. I cleared a lot of them before I realized I needed to restart my shell, and after restarting it worked.


I think I found the root of the problem:

Warning: Setting DYLD_* vars can break dynamic linking.
Set variables:
  DYLD_LIBRARY_PATH: /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64

Commenting out the line

set -x DYLD_LIBRARY_PATH /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64

in ~/.config/fish/config.fish and then restarting my shell seems to fix the problem for me so far.


Thanks @VonC for referencing the issue that led me to attempt brew doctor.

Matt Groth answered Oct 12 '22 21:10


This is similar to what was reported in Homebrew/brew issue 1625, and documented by Eduard Rozenberg (edrozenberg):

Similar-sounding problems also reported by John Siracusa of ATP Podcast on the Dec 7 podcast.

Most likely trigger for the problem: enabling iCloud Keychain in iCloud settings

One or more observable symptoms when issue is happening:

  • A pop-up MacOS message that keychain has to be repaired/reset
  • When looking at Keychain Access tool, keychains appear to be empty and set to Read-Only mode
  • When looking at Keychain Access tool, keychain icons on sidebar are missing (dotted borders)
  • Trying to navigate to https://google.com in Google Chrome fails with an SSL CERT error
  • Running brew search pip for example, shows the curl (35) certificate error message

The problem can be temporarily resolved by logging out and back in, and/or rebooting. After it is resolved, the Keychain Access tool will show all the keychains and their contents as it should. The problem is likely to recur at a later time.

Hoping (fingers X) that a Mac OS patch (maybe 10.12.2?) will resolve the root cause.

Otherwise one idea is to disable the iCloud Keychain option in iCloud prefs (have not yet tried).

Since you are on Mac Sierra 10.12.4... I suspect no patch did solve this yet.

This other issue mentions (by jamver):

I encountered this issue specifically after updating to macOS Sierra (10.12), with resolution coming from the workaround from this legacy-homebrew ticket:

cd ~
sudo wget http://curl.haxx.se/ca/cacert.pem
export CURL_CA_BUNDLE=~/cacert.pem

FWIW, this solved most, but not all issues. The others I resolved by manually downloading the packages using wget and placing them in the Homebrew Cache Dir.

I'd be interested to know the correct fix. e.g. Update system ca bundle? Apple patch required for system bundle?

VonC answered Oct 12 '22 22:10
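
An added example, not part of the question or either answer: a POSIX shell function that reports the settings this thread touches, namely DYLD_* linker variables, a CURL_CA_BUNDLE-style CA override, and a leftover http.sslVerify false. The function name, the output labels and the extra variables it checks (LD_LIBRARY_PATH, SSL_CERT_FILE, GIT_SSL_CAINFO, GIT_SSL_NO_VERIFY) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list environment and git settings that
# change which TLS libraries or CA bundle curl and git end up using.
# Labels such as LINKER / CA_MISSING are this example's own convention.

tls_env_audit() {
    findings=0
    flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Linker overrides: these change which shared libraries get loaded,
    # which is what the `brew doctor` DYLD_* warning is about.
    for var in DYLD_LIBRARY_PATH DYLD_FALLBACK_LIBRARY_PATH \
               DYLD_INSERT_LIBRARIES LD_LIBRARY_PATH; do
        eval "val=\${$var:-}"
        [ -z "$val" ] || flag "LINKER $var=$val"
    done

    # CA bundle overrides: the file must be readable and contain PEM
    # certificates to be usable as a trust store.
    for var in CURL_CA_BUNDLE SSL_CERT_FILE GIT_SSL_CAINFO; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || continue
        if [ ! -r "$val" ]; then
            flag "CA_MISSING $var=$val"
        elif ! grep -q 'BEGIN CERTIFICATE' "$val" 2>/dev/null; then
            flag "CA_NOT_PEM $var=$val"
        else
            n=$(grep -c 'BEGIN CERTIFICATE' "$val")
            flag "CA_OVERRIDE $var=$val ($n certs)"
        fi
    done

    # Leftover workarounds that switch certificate verification off.
    [ -z "${GIT_SSL_NO_VERIFY:-}" ] || flag "NO_VERIFY GIT_SSL_NO_VERIFY is set"
    if command -v git >/dev/null 2>&1; then
        v=$(git config --global --bool --get http.sslVerify 2>/dev/null || true)
        [ "$v" != "false" ] || flag "NO_VERIFY git http.sslVerify=false"
    fi

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Run once against the current shell environment.
tls_env_audit || echo "Review the settings listed above."
```

A CA_OVERRIDE line is informational: the bundle is usable, but it replaces the system trust store for that tool and has to be kept current by hand.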