I am trying to do the Michael Hartl tutorial. When I attempt to install rails 3.2.14 in my gemset, I get the following issue:
$ gem install rails -v 3.2.14
ERROR: Could not find a valid gem 'rails' (= 3.2.14), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/specs.4.8.gz)
After Googling around, I found that I could use a non-SSL source for rubygems so I ran:
sudo gem sources -a http://rubygems.org
Then, when I tried to install rails again, it was successful. However, I still got the issue above but as a warning:
WARNING: Unable to pull data from 'https://rubygems.org/': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/specs.4.8.gz)
How can I remove this warning/error entirely?
I am using the following:
This question is related to
ruby-on-rails
ruby
ssl
rvm
Make sure of that you have installed ruby with --disable-binary option, if not, uninstall it and reinstall it with the option.
more info here
As a Windows 10 user, I followed Dheerendra's answer, and it worked for me one day. The next day, I experienced the issue again, and his fix didn't work. For me, the fix was to update bundler with:
gem update bundler
I believe my version of bundler was more than a few months old.
Rubygems.org has a guide that not only explains how to fix this problem, but also why so many people are having it: SSL Certificate Update The reason for the problem is rubygems.org switched to a more secure SSL certificate (SHA-2 which use 256bit encryption). The rubygems command line tool bundles the reference to the correct certificate. Therefore rubygems itself can’t be updated using an older version of rubygems. Rubygems must first be updated manually.
First find out what rubygems you have:
rubygems –v
Depending on whether you have a 1.8.x, 2.0.x or 2.2.x, you will need to download an update gem, named “rubygems-update-X.Y.Z.gem”, where X.Y.Z is the version you need. Running 1.8.x: download: https://github.com/rubygems/rubygems/releases/tag/v1.8.30 Running 2.0.x: download: https://github.com/rubygems/rubygems/releases/tag/v2.0.15 Running 2.2.x: download: https://github.com/rubygems/rubygems/releases/tag/v2.2.3
Install update gem:
gem install –-local full_path_to_the_gem_file
Run update gem:
update_rubygems --no-ri --no-rdoc
Check that rubygems was updated:
rubygems –v
Uninstall update gem:
gem uninstall rubygems-update -x
At this point, you may be OK. But it is possible that you do not have the latest public key file for the new certificate. To do this:
Download the latest certificate, (currently AddTrustExternalCARoot-2048.pem) from https://rubygems.org/pages/download. All of the certs are also located at: https://github.com/rubygems/rubygems/tree/master/lib/rubygems/ssl_certs
Find out where to put it:
gem which rubygems
Put this file in the “rubygems\ssl_certs” directory at this location.
As per rubygems commit, the certificates are moved to more specific directories. Thus, currently the certificate(AddTrustExternalCARoot-2048.pem) is expected to be on the following path lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem
Latest findings...
https://gist.github.com/luislavena/f064211759ee0f806c88
Most importantly...download https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem
Figure out where to stick it
C:\>gem which rubygems
C:/Ruby21/lib/ruby/2.1.0/rubygems.rb
Then just copy the .pem file in ../2.1.0/rubygems/ssl_certs/ and go on about your business.
Running gem update --system worked for me
I had same problem while trying to install cucumber gem. However I noticed that bundler gem already installed with ruby 2.0. I created a Gemfile.rb in the project folder with required gems and followed this steps
All the required gems installed.
This exact error happened to me today on an Ubuntu virtual machine running on VirtualBox. I tried most of the solutions shown above before I noticed that I had resumed from a very old suspended state, and my clock was off by many days.
Updating the clock immediately fixed my issue. Here's the command I used in my case:
sudo service ntp stop && sudo ntpdate pool.ntp.org && sudo service ntp start
Or may be prevented by firewall like me. Try this:
sudo gem install --http-proxy http://localhost:port cocoapods -V
Try to use the source website for the gems, i.e rubygems.org. Use http instead of https. This method does not involve any work such as installing certs and all that.
Example -
gem install typhoeus --source http://rubygems.org
This works, but there is one caveat though.
The gem is installed, but the documentation is not because of cert errors. Here is the error I get
Parsing documentation for typhoeus-0.7.0 WARNING: Unable to pull
data from 'https://rubygems.org/': SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed
(https://rubygems.org/latest_specs.4.8.gz)
If you are using windows, open https://rubygems.org/ with internet explorer.
Click on security information and import the certificate. The bottom line is your certification chain is outdated and you need to add this new certificate. Remember that this is not a security violation as long as you can validate the certificate as trusted.
For Windows user:
After installing Ruby 2.2.3 (+ rubygems 2.5.1) successfully on a test machine with access to the internet, I had this SSL error when I installed bundler on a production machine, within the network.
As I had network access limitations, and there was no way to change the settings for SSL access, and based on the error messages, I performed the steps below to be able to finish the installation of the bundler (this may sound crazy, but it worked...).
Through a machine with unrestricted access to the internet, downloaded the following files:
I added these files on an intranet server, keeping the folder structure of the links above:
spec.4.8.gz e latest_specs.4.8.gz
bundler-1.11.2.gemspec.rz
bundler-1.11.2.gem
Then I added my intranet to access gem source:
gem sources -a http://mydomain.com.br
I have run with the success the "gem install bundler" after installation, all it took was remove my intranet of the gem:
gem sources -r http://mydomain.com.br
I hope that is useful in any similar situation....
On Windows you'll have to use HTTP source to update gem then change back to using HTTPS.
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
gem update --system
gem sources -r http://rubygems.org/
gem sources -a https://rubygems.org/
Edit: Warning I'm not sure if this is safe. Does anyone know if ruby packages are signed? The accepted answer looks like a better solution.
Update the cert.pem to newest file that provide by cURL: http://curl.haxx.se/ca/cacert.pem
curl -o `ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE' |tr -d \"` http://curl.haxx.se/ca/cacert.pem
The answer is no longer valid. Since I have encountered the issue with older Windows ruby right now I'll post the answer.
When I wanted to install an activesupport gem:
gem in activesupport --version 5.1.6
ERROR: Could not find a valid gem 'activesupport' (= 5.1.6), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B
: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
The following steps need to copy only the certificates from newer windows ruby. Take the latest ruby (or at least ruby 2.4.0) and do the following:
copy certificates from these directories (adjust to your needs):
C:\prg_sdk\rubies\Ruby-2.4\lib\ruby\2.4.0\rubygems\ssl_certs\rubygems.org
C:\prg_sdk\rubies\Ruby-2.4\lib\ruby\2.4.0\rubygems\ssl_certs\index.rubygems.org
to destination (again adjust to what you need):
C:\prg_sdk\rubies\Ruby231-p112-x64\lib\ruby\2.3.0\rubygems\ssl_certs
Simply uninstalling and reinstalling openssl with homebrew solved this issue for me.
brew uninstall --force openssl
brew install openssl
Goto link http://rubygems.org/pages/download
If you want to use the non-SSL source, try removing the HTTPS source first, and then adding the HTTP one:
sudo gem sources -r https://rubygems.org
sudo gem sources -a http://rubygems.org
UPDATE:
As mpapis states, this should be used only as a temporary workaround. There could be some security concerns if you're accessing RubyGems through the non-SSL source.
Once the workaround is not needed anymore, you should restore the SSL-source:
sudo gem sources -r http://rubygems.org
sudo gem sources -a https://rubygems.org
Approach/one-liner that can be automated to download gems using HTTP instead of HTTPS:
printf -- '---\n:sources:\n- http://rubygems.org\n' | tee ~/.gemrc
In my case, the Ubuntu CA certificates were out of date. I fixed it by running:
sudo update-ca-certificates
Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.pem.
Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE. To set this in your current command prompt session, type:
set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
Install CSWcacertificates prior to 'gem install'
pkgutil -yi CSWcacertificates
If you're using a ruby kit that's not from OpenCSW, your ruby version may expect to find the certificate file in another place. In this case, I simply symlinked OpenCSW's /etc/opt/csw/ssl/cert.pem to the expected place.
Check where ruby expects to find it :
export cf=`ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'` && echo $cf
Then, if there's a discrepancy, link it:
ln -s /etc/opt/csw/ssl/cert.pem $cf && file $cf
Try
gem update --system
Hope it solves the problem.
The particular case of RubyGems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow RubyGems to establish a connection with the servers even when base operating system is unable to verify the identity of them.
Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.
Because of this, existing installations of RubyGems would have to been updated before the switch of the certificate and give enough time for the change to spread (and people to update)
Anyone can find his solution by following the simple steps given in the link below
Source: Stackoverflow.com