github server certificate verification failed

Question

I just created a github account and a repository therein  but when trying to create a local working copy using the recommende url via  git clone https   github com  lt user gt   lt project gt  git   I get an error like     fatal  unable to access  https   github com  lt user gt   lt project gt  git   server certificate verification failed  CAfile   home  lt user gt   ssl trusted pem CRLfile  none   I m on Debian Jessie  and I would have expected both Debian and GitHub to provide   rely on a selection of commonly accepted CAs  but apparently my system doesn t trust GibHub s certificate   Any simple way to fix this  without the frequently recommended  GIT SSL NO VERIFY true  hack and similar work-arounds    EDIT   Additional information    The ca-certificate package is installed  Installing cacert org s certificates as suggested by  VonC didn t change anything  My personal    ssl trusted pem file does contain a couple of entries  but to be honest  I don t remember where the added certificates came from    When removing    ssl trusted pem  the git error message changes to  fatal  unable to access  https   github com tcrass scans2jpg git    Problem with the SSL CA cert  path  access rights      EDIT    VonC s advice regarding the git https sslCAinfo option put me on the right track -- I just added the downloaded cacert org CAs to my trusted pem  and now git doesn t complain anymore

User · Answer

I also was having this error when trying to clone a repository from Github on a Windows Subsystem from Linux console:

fatal: unable to access 'http://github.com/docker/getting-started.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

The solution from @VonC on this thread didn't work for me.

The solution from this Fabian Lee's article solved it for me:

openssl s_client -showcerts -servername github.com -connect github.com:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p'  > github-com.pem
cat github-com.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt

User · Answer

Try to connect to repositroy with url  http   github com  lt user gt   lt project gt  git  http except https   In your case you should clone like this    git clone http   github com  lt user gt   lt project gt  git

User · Answer

You can also disable SSL verification   if the project does not require a high level of security other than login password  by typing     git config --global http sslverify false  enjoy git

User · Answer

Another possible cause is that the clock of your machine is not synced  e g  on Raspberry Pi   Check the current date time using    date  If the date and or time is incorrect  try to update using    sudo ntpdate -u time nist gov

User · Answer

Make sure first that you have certificates installed on your Debian in  etc ssl certs   If not  reinstall them   sudo apt-get install --reinstall ca-certificates   Since that package does not include root certificates  add   sudo mkdir  usr local share ca-certificates cacert org sudo wget -P  usr local share ca-certificates cacert org http   www cacert org certs root crt http   www cacert org certs class3 crt sudo update-ca-certificates   Make sure your git does reference those CA   git config --global http sslCAinfo  etc ssl certs ca-certificates crt     Jason C mentions another potential cause  in the comments       It was the clock  The NTP server was down  the system clock wasn t set properly  I didn t notice or think to check initially  and the incorrect time was causing verification to fail      Certificates are time sensitive

User · Answer

To me a simple sudo apt-get update  solved the issue  It was a clock issue and with this command it resets to the current date time and everything worked

User · Answer

It can be also self-signed certificate  etc  Turning off SSL verification globally is unsafe  You can install the certificate so it will be visible for the system  but the certificate should be perfectly correct    Or you can clone with one time configuration parameter  so the command will be   git clone -c http sslverify false https   myserver  lt user gt   lt project gt  git    GIT will remember the false value  you can check it in the  lt project gt   git config file

[git] github: server certificate verification failed

Examples related to git

Examples related to github

Examples related to debian