SSL certificate problem?

[OscarGodson]

Whenever I copy and paste the curl install line I get:

fatal: unable to access 'https://github.com/creationix/nvm.git/': SSL certificate problem: unable to get local issuer certificate

I tried it with the -k option which usually helps in other cases, but still doesn't work because, I assume, you're creating another curl call dynamically. I can pull from github and clone just fine so I don't think it has anything to do with my ssh keys with github.

[ljharb]

This sounds like it's an issue with the SSL certificates on your system itself, since we're just using your system curl - can you curl https://github.com/creationix/nvm.git/ on the command line?

[OscarGodson]

A friend and I get the same thing (totally different setups) for your test command which is:

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

I believe thats correct, right?

[ljharb]

Yes, that's correct. I'm not sure why it's not working - when you don't have git installed, under the hood nvm is just running curl -s https://raw.github.com/creationix/nvm/master/nvm.sh and saving that in nvm.sh.

However, since you have git installed, that looks like it might be a git thing.

What other output do you see besides the one error line you provided?

[OscarGodson]

All I get is this when I copy the install line on the README:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

[OscarGodson]

And, if i do -k I get that line in the original post

[ljharb]

I'm pretty confident this is due to outdated SSL certs on your system - perhaps related to Heartbleed revocations. Please make sure your system, including openssl, is fully updated, and let me know if you continue to have this problem.

[OscarGodson]

@ljharb I spent literally days debugging this. Finally, someone suggested I reinstall curl. That fixed it. Just in case anyone runs into this, in my case, the fix was:

brew uninstall curl
brew install curl

Then the install command worked

[ljharb]

Awesome, thanks for the followup!

[sumitramteke]

yum install ca-certificates update-ca-trust force-enable then try again

[msdlisper]

yum update -y nss curl libcurl