I just created a github account and a repository therein, but when trying to create a local working copy using the recommende url via
git clone https://github.com/<user>/<project>.git
I get an error like
fatal: unable to access 'https://github.com/<user>/<project>.git': server certificate verification failed. CAfile: /home/<user>/.ssl/trusted.pem CRLfile: none
I'm on Debian Jessie, and I would have expected both Debian and GitHub to provide / rely on a selection of commonly accepted CAs, but apparently my system doesn't trust GibHub's certificate.
Any simple way to fix this (without the frequently recommended "GIT_SSL_NO_VERIFY=true" hack and similar work-arounds)?
EDIT:
Additional information:
When removing ~/.ssl/trusted.pem, the git error message changes to
fatal: unable to access 'https://github.com/tcrass/scans2jpg.git/': Problem with the SSL CA cert (path? access rights?)
EDIT:
@VonC's advice regarding the git https.sslCAinfo option put me on the right track -- I just added the downloaded cacert.org CAs to my trusted.pem, and now git doesn't complain anymore.
To me a simple
sudo apt-get update
solved the issue. It was a clock issue and with this command it resets to the current date/time and everything worked
Another possible cause is that the clock of your machine is not synced (e.g. on Raspberry Pi). Check the current date/time using:
$ date
If the date and/or time is incorrect, try to update using:
$ sudo ntpdate -u time.nist.gov
Try to connect to repositroy with url: http://github.com/<user>/<project>.git
(http except https)
In your case you should clone like this:
git clone http://github.com/<user>/<project>.git
I also was having this error when trying to clone a repository from Github on a Windows Subsystem from Linux console:
fatal: unable to access 'http://github.com/docker/getting-started.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
The solution from @VonC on this thread didn't work for me.
The solution from this Fabian Lee's article solved it for me:
openssl s_client -showcerts -servername github.com -connect github.com:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > github-com.pem
cat github-com.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt
It can be also self-signed certificate, etc. Turning off SSL verification globally is unsafe. You can install the certificate so it will be visible for the system, but the certificate should be perfectly correct.
Or you can clone with one time configuration parameter, so the command will be:
git clone -c http.sslverify=false https://myserver/<user>/<project>.git;
GIT will remember the false value, you can check it in the <project>/.git/config
file.
You can also disable SSL verification, (if the project does not require a high level of security other than login/password) by typing :
git config --global http.sslverify false
enjoy git :)
Source: Stackoverflow.com