How to Solve - Certificate Verification Failed
You may get the following error from a Git client either at the command line or e.g. from Visual Studio Code that reads:
server certificate verification failed. CAfile: none CRLfile: none
The error message means that the git client cannot verify the integrity of the certificate chain or root of https://app.dataops.live/ when using git repositories via HTTPS. A complete output would look like this:
$ git pull
fatal: unable to access 'https://app.dataops.live/group/my-project.git/': server certificate verification failed. CAfile: none CRLfile: none
The proper way to resolve this issue is to ensure you add the untrusted root certificate to your client system.
In the case of the DataOps app, the untrusted root certificate is a flavor of the Let's Encrypt "ISRG Root X1" root certificate. ISRG Root X1 comes either as cross-signed by DST Root CA X3 or self-signed. Operating systems like Ubuntu 22.04.1 LTS stopped trusting the cross-signed certificate and only trust the self-signed one. For the details on the certificates, see:
- Let's Encrypt Chain of Trust at https://letsencrypt.org/certificates/
- Let's Encrypt Certificate Compatibility at https://letsencrypt.org/docs/certificate-compatibility/
To ensure that Ubuntu continues to trust the cross-signed ISRG Root X1 root certificate execute the following script:
wget https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
sudo cp isrg-root-x1-cross-signed.pem /etc/ssl/certs/
Once the CA root certificate is trusted, you can run git pull
or other git commands again.