github server certificate verification failed

Question

I just created a github account and a repository therein  but when trying to create a local working copy using the recommende url via  git clone https   github com  lt user gt   lt project gt  git   I get an error like     fatal  unable to access  https   github com  lt user gt   lt project gt  git   server certificate verification failed  CAfile   home  lt user gt   ssl trusted pem CRLfile  none   I m on Debian Jessie  and I would have expected both Debian and GitHub to provide   rely on a selection of commonly accepted CAs  but apparently my system doesn t trust GibHub s certificate   Any simple way to fix this  without the frequently recommended  GIT SSL NO VERIFY true  hack and similar work-arounds    EDIT   Additional information    The ca-certificate package is installed  Installing cacert org s certificates as suggested by  VonC didn t change anything  My personal    ssl trusted pem file does contain a couple of entries  but to be honest  I don t remember where the added certificates came from    When removing    ssl trusted pem  the git error message changes to  fatal  unable to access  https   github com tcrass scans2jpg git    Problem with the SSL CA cert  path  access rights      EDIT    VonC s advice regarding the git https sslCAinfo option put me on the right track -- I just added the downloaded cacert org CAs to my trusted pem  and now git doesn t complain anymore

User · Accepted Answer

Make sure first that you have certificates installed on your Debian in /etc/ssl/certs.

If not, reinstall them:

sudo apt-get install --reinstall ca-certificates

Since that package does not include root certificates, add:

sudo mkdir /usr/local/share/ca-certificates/cacert.org
sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
sudo update-ca-certificates

Make sure your git does reference those CA:

git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

Jason C mentions another potential cause (in the comments):

It was the clock. The NTP server was down, the system clock wasn't set properly, I didn't notice or think to check initially, and the incorrect time was causing verification to fail.

Certificates are time sensitive.

User · Answer

Try to connect to repositroy with url  http   github com  lt user gt   lt project gt  git  http except https   In your case you should clone like this    git clone http   github com  lt user gt   lt project gt  git

User · Answer

Another possible cause is that the clock of your machine is not synced  e g  on Raspberry Pi   Check the current date time using    date  If the date and or time is incorrect  try to update using    sudo ntpdate -u time nist gov

User · Answer

To me a simple sudo apt-get update  solved the issue  It was a clock issue and with this command it resets to the current date time and everything worked

User · Answer

You can also disable SSL verification   if the project does not require a high level of security other than login password  by typing     git config --global http sslverify false  enjoy git

User · Answer

I also was having this error when trying to clone a repository from Github on a Windows Subsystem from Linux console   fatal  unable to access  http   github com docker getting-started git    server certificate verification failed  CAfile   etc ssl certs ca-certificates crt CRLfile  none  The solution from  VonC on this thread didn t work for me  The solution from this Fabian Lee s article solved it for me  openssl s client -showcerts -servername github com -connect github com 443  lt  dev null 2 gt  dev null   sed -n -e   BEGIN  CERTIFICATE   END  CERTIFICATE  p    gt  github-com pem cat github-com pem   sudo tee -a  etc ssl certs ca-certificates crt

User · Answer

It can be also self-signed certificate  etc  Turning off SSL verification globally is unsafe  You can install the certificate so it will be visible for the system  but the certificate should be perfectly correct    Or you can clone with one time configuration parameter  so the command will be   git clone -c http sslverify false https   myserver  lt user gt   lt project gt  git    GIT will remember the false value  you can check it in the  lt project gt   git config file

[git] github: server certificate verification failed

Examples related to git

Examples related to github

Examples related to debian