fatal: unable to access 'https://gopkg.in/yaml.v3/': server certificate verification failed.

niemeyer / gopkg

Source code for the gopkg.in service.

Other

539 stars 85 forks source link

fatal: unable to access 'https://gopkg.in/yaml.v3/': server certificate verification failed. #77

Closed tramitws closed 3 years ago

tramitws commented 3 years ago

Started today other packages are fine

..... go: finding github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd go: finding github.com/stretchr/objx v0.1.0 go: gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776: git fetch -f origin refs/heads/:refs/heads/ refs/tags/:refs/tags/ in /go/pkg/mod/cache/vcs/5ea86ba1b933025fb7a7a539058d4acea777e0b3175c573a70130f7ea565323f: exit status 128: fatal: unable to access 'https://gopkg.in/yaml.v3/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none go: finding github.com/russross/blackfriday/v2 v2.0.1 go: finding gopkg.in/yaml.v2 v2.2.2 ....

baptistejamin commented 3 years ago

+1 getting the same here.

niemeyer commented 3 years ago

The problem is almost certainly an old root certificate on your end. There are more details here:

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

In summary, the build machine itself needs to be updated so it gets a new root certificate bundle.

I'll keep this issue open so other people find it, but there's nothing we can do elsewhere.

pnikonowicz commented 3 years ago

updating root certs on our machine fixed the issue for us. Thank you for illuminating the issue so well.

tramitws commented 3 years ago

for me this on aws build machine, I don't have access to the machine, but I can run a command, can you help me with an command to update the certs. ubunto is good

Thanks

tramitws commented 3 years ago

yum update ca-certs ?

tramitws commented 3 years ago

yum doesn't exist on my env /codebuild/output/tmp/script.sh: 4: /codebuild/output/tmp/script.sh: yum: not found

What should I use please ?

tramitws commented 3 years ago

Updated in buildspec.yml to

install: runtime-versions: golang: 1.13

BlureX commented 3 years ago

Struggling to get this working for my side. Using AWS Codebuild as a CI/CD pipeline and so don't have full flexibility over the machine.

My runtime-versions for golang is 1.15.

Have tried adding the command update-ca-certificates --fresh -v into the build process but that does not seem to resolve anything. If anyone has any other suggestions, please let me know.

EDIT:

Adding the following command: apt-get install --reinstall ca-certificates into the buildspec.yml seems to have fixed things for anyone using AWS Codebuild that runs into this issue