ERROR: SSL verification error at depth 1: self signed certificate in certificate chain on gem install
gem install/update command gives below error
ERROR: SSL verification error at depth 1: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=XX/ST=XX/L=squid/O=squid/CN=squid)
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 peeraddr=151.101.65.227:443 state=error: certificate verify failed (self signed certificate in certificate chain) (https://rubygems.org/specs.4.8.gz)
/Users/ec2-user/.rvm/rubies/ruby-3.1.1/lib/ruby/site_ruby/3.1.0/rubygems/request.rb:132:in `rescue in connection_for'
I tried all steps mentioned at rubygems_tls_ssl_troubleshooting_guide but nothing seems to be working.
output of gem env:
- RUBYGEMS VERSION: 3.3.20
- RUBY VERSION: 3.1.1 (2022-02-18 patchlevel 18) [x86_64-darwin20]
- INSTALLATION DIRECTORY: /Users/ec2-user/.rvm/gems/ruby-3.1.1
- USER INSTALLATION DIRECTORY: /Users/ec2-user/.gem/ruby/3.1.0
- RUBY EXECUTABLE: /Users/ec2-user/.rvm/rubies/ruby-3.1.1/bin/ruby
- GIT EXECUTABLE: /usr/bin/git
- EXECUTABLE DIRECTORY: /Users/ec2-user/.rvm/gems/ruby-3.1.1/bin
- SPEC CACHE DIRECTORY: /Users/ec2-user/.gem/specs
- SYSTEM CONFIGURATION DIRECTORY: /Users/ec2-user/.rvm/rubies/ruby-3.1.1/etc
- RUBYGEMS PLATFORMS:
- ruby
- x86_64-darwin-20
- GEM PATHS:
- /Users/ec2-user/.rvm/gems/ruby-3.1.1
- /Users/ec2-user/.rvm/rubies/ruby-3.1.1/lib/ruby/gems/3.1.0
- GEM CONFIGURATION:
- :update_sources => true
- :verbose => true
- :backtrace => true
- :bulk_threshold => 1000
- REMOTE SOURCES:
- https://rubygems.org/
- SHELL PATH:
- /Users/ec2-user/.rvm/gems/ruby-3.1.1/bin
- /Users/ec2-user/.rvm/gems/ruby-3.1.1@global/bin
- /Users/ec2-user/.rvm/rubies/ruby-3.1.1/bin
- /usr/local/bin
- /usr/bin
- /bin
- /usr/sbin
- /sbin
- /Library/Apple/usr/bin
- /Users/ec2-user/.rvm/bin
output of bundle env :
Environment
Bundler 2.3.20
Platforms ruby, x86_64-darwin-20
Ruby 3.1.1p18 (2022-02-18 revision 53f5fc4236a754ddf94b20dbb70ab63bd5109b18) [x86_64-darwin-20]
Full Path /Users/ec2-user/.rvm/rubies/ruby-3.1.1/bin/ruby
Config Dir /Users/ec2-user/.rvm/rubies/ruby-3.1.1/etc
RubyGems 3.3.20
Gem Home /Users/ec2-user/.rvm/gems/ruby-3.1.1
Gem Path /Users/ec2-user/.rvm/gems/ruby-3.1.1:/Users/ec2-user/.rvm/rubies/ruby-3.1.1/lib/ruby/gems/3.1.0
User Home /Users/ec2-user
User Path /Users/ec2-user/.gem/ruby/3.1.0
Bin Dir /Users/ec2-user/.rvm/gems/ruby-3.1.1/bin
Tools
Git 2.30.1 (Apple Git-130)
RVM 1.29.12 (latest)
rbenv not installed
chruby not installed
Bundler Build Metadata
Built At 2022-08-10
Git SHA 4fd2813f54
Released Version true
Could you post the results of the different tests in the troubleshooting guide?
I am using an AWS mac1.metal EC2 instance with Big Sur OS. The system has preinstalled ruby version 2.6.0, but when I try installing something I get the below error.
ERROR: While executing gem ... (Gem::FilePermissionError)
You don't have write permissions for the /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/gems/2.6.0 directory.
/Library/Ruby/Site/2.6.0/rubygems/installer.rb:712:in `verify_gem_home'
I tried installing latest version of ruby with rvm, installing downloaded gem file and brew. All of them are successful.
gem install --local /Users/ec2-user/Downloads/rubygems-update-3.3.20.gem
Successfully installed rubygems-update-3.3.20
Parsing documentation for rubygems-update-3.3.20
Installing ri documentation for rubygems-update-3.3.20
Done installing documentation for rubygems-update after 216 seconds
1 gem installed
ec2-user@ip-X-X-X-X ~ % brew install ruby
==> Downloading https://ghcr.io/v2/homebrew/core/ruby/manifests/3.1.2_1
Already downloaded: /Users/ec2-user/Library/Caches/Homebrew/downloads/3a2bc1822bbf5b186080ff360573cae3ae00cd421eff2be279e646f2a7c3dfd4--ruby-3.1.2_1.bottle_manifest.json
==> Downloading https://ghcr.io/v2/homebrew/core/ruby/blobs/sha256:49cbb1dddd7c8
==> Downloading from https://pkg-containers.githubusercontent.com/ghcr1/blobs/sh
######################################################################## 100.0%
==> Pouring ruby--3.1.2_1.big_sur.bottle.tar.gz
==> Caveats
By default, binaries installed by gem will be placed into: /usr/local/lib/ruby/gems/3.1.0/bin
You may want to add this to your PATH.
ruby is keg-only, which means it was not symlinked into /usr/local, because macOS already provides this software and installing another version in parallel can cause all kinds of trouble.
If you need to have ruby first in your PATH, run: echo 'export PATH="/usr/local/opt/ruby/bin:$PATH"' >> ~/.zshrc
For compilers to find ruby you may need to set: export LDFLAGS="-L/usr/local/opt/ruby/lib" export CPPFLAGS="-I/usr/local/opt/ruby/include"
For pkg-config to find ruby you may need to set: export PKG_CONFIG_PATH="/usr/local/opt/ruby/lib/pkgconfig"
==> Summary
🍺 /usr/local/Cellar/ruby/3.1.2_1: 15,996 files, 42.5MB
==> Running brew cleanup ruby...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP. Hide these hints with HOMEBREW_NO_ENV_HINTS (see man brew).
ec2-user@ip-X-X-X-X ~ % which ruby
/usr/local/opt/ruby/bin/ruby
ec2-user@ip-X-X-X-X ~ % ruby -v
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-darwin20]
ec2-user@ip-X-X-X-X ~ %
After installing latest ruby and updating certs as mentioned here it is giving ssl errors
ec2-user@ip-X-X-X-X ~ % gem update --system
ERROR: SSL verification error at depth 1: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=XX/ST=XX/L=squid/O=squid/CN=squid)
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 peeraddr=151.101.193.2
SSL check also fails, whereas it connected when I was on default ruby 2.6.0
ec2-user@ip-X-X-X-X~ % curl -Lks 'https://git.io/rg-ssl' | ruby
Here's your Ruby and OpenSSL environment:
Ruby: 3.1.2p20 (2022-04-12 revision 4491bb740a9506d76391ac44bb2fe6e483fec952) [x86_64-darwin20]
RubyGems: 3.3.11
Bundler: 2.3.11
Compiled with: OpenSSL 1.1.1q 5 Jul 2022
Loaded version: OpenSSL 1.1.1q 5 Jul 2022
SSL_CERT_FILE: /usr/local/etc/openssl@1.1/cert.pem
SSL_CERT_DIR: /usr/local/etc/openssl@1.1/certs
With that out of the way, let's see if you can connect to rubygems.org...
Bundler connection to rubygems.org: failed ❌ (Net::OpenTimeout)
ERROR: SSL verification error at depth 1: self signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=XX/ST=XX/L=squid/O=squid/CN=squid)
RubyGems connection to rubygems.org: failed ❌ (certificate verification)
Ruby net/http connection to rubygems.org: failed ❌
Unfortunately, this Ruby can't connect to rubygems.org. 😡 Your Ruby can't connect to rubygems.org because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine rubygems.org servers.
Honestly, I'm not sure what's going on, I think your network might be misconfigured somehow.
But in any case, the report is confusing because initially you were using an RVM ruby and now you seem to be using a brew Ruby. I would start from scratch by completely removing the one Ruby installed by brew, and the one installed by RVM, and reinstall Ruby using rbenv.
removed everything and reinstalled using rbenv but still getting the same error
curl -Lks 'https://git.io/rg-ssl' | ruby
Here's your Ruby and OpenSSL environment:
Ruby: 3.1.2p20 (2022-04-12 revision 4491bb740a9506d76391ac44bb2fe6e483fec952) [x86_64-darwin20]
RubyGems: 3.3.7
Bundler: 2.3.7
Compiled with: OpenSSL 3.0.5 5 Jul 2022
Loaded version: OpenSSL 3.0.5 5 Jul 2022
SSL_CERT_FILE: /Users/ec2-user/.rbenv/versions/3.1.2/openssl/ssl/cert.pem
SSL_CERT_DIR: /Users/ec2-user/.rbenv/versions/3.1.2/openssl/ssl/certs
With that out of the way, let's see if you can connect to rubygems.org...
Bundler connection to rubygems.org: failed ❌ (Net::OpenTimeout)
ERROR: SSL verification error at depth 1: self-signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=XX/ST=XX/L=squid/O=squid/CN=squid)
RubyGems connection to rubygems.org: failed ❌ (certificate verification)
Ruby net/http connection to rubygems.org: failed ❌
Unfortunately, this Ruby can't connect to rubygems.org. 😡 Your Ruby can't connect to rubygems.org because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine rubygems.org servers.
And that same error happens both before and after manually installing certificates as suggested at https://bundler.io/guides/rubygems_tls_ssl_troubleshooting_guide.html#updating-ca-certificates, correct?
yes, same error even after adding the cert
gem update --system
ERROR: SSL verification error at depth 1: self-signed certificate in certificate chain (19)
ERROR: Root certificate is not trusted (/C=XX/ST=XX/L=squid/O=squid/CN=squid)
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 peeraddr=151.101.65.227:443 state=error: certificate verify failed (self-signed certificate in certificate chain) (https://rubygems.org/specs.4.8.gz)
It seems like some network configuration issue, where rubygems.org is not trusting your root certificate. Are you behind a proxy? I'm not a network expert at all, do you have a network administrator you can talk to?
I am using a mac ec2 instance on our vpc
It seems that you're using an outbound vpc proxy? Perhaps you need to whitelist rubygems.org?
Closing since we got no further feedback.
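The failure reported throughout this thread, reproduced offline as an added example (not code from the thread or from RubyGems): a constructed CA carrying the subject from the error message issues a constructed leaf for rubygems.org, and verification returns code 19 at depth 1 until that CA is in the trust store. The helper names `make_cert`, `verify_chain` and `squid_chain_demo` are hypothetical.

```ruby
require "openssl"

# Constructed certificates only; nothing here touches the network.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify `leaf` against an explicit trust store. `presented` holds the extra
# certificates the peer sent; they help build the chain but are not trusted.
def verify_chain(leaf, presented, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, presented)
  ok = ctx.verify
  { ok: ok, code: ctx.error, depth: ctx.error_depth, message: ctx.error_string,
    rejected: ok ? nil : ctx.current_cert.subject.to_s }
end

def squid_chain_demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  # Subject copied from the error in the thread; the key and cert are constructed here.
  ca = make_cert("/C=XX/ST=XX/L=squid/O=squid/CN=squid", ca_key, ca: true)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("/CN=rubygems.org", leaf_key, issuer: ca, issuer_key: ca_key)
  { untrusted: verify_chain(leaf, [ca], []),   # root sent by peer, not in store
    trusted: verify_chain(leaf, [ca], [ca]) }  # same chain, root added to store
end

if __FILE__ == $PROGRAM_NAME
  squid_chain_demo.each { |label, result| puts "#{label}: #{result}" }
end
```

The `rejected` field is the subject of the certificate at the failing depth, which is the same value RubyGems prints in its "Root certificate is not trusted (...)" line.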