How to solve the git error server certificate verification failed
You may get the following error from a git client either at the command line or e.g. from Visual Studio code that reads:
server certificate verification failed. CAfile: none CRLfile: none
This means that the git client cannot verify the integrity of the certificate chain or root of https://app.dataops.live/ when using git repositories via HTTPS. A complete output would look like this:
$ git pull
fatal: unable to access 'https://app.dataops.live/group/my-project.git/': server certificate verification failed. CAfile: none CRLfile: none
The proper way to resolve this issue is to make sure the untrusted root certificate is added to your client system.
In the case of the DataOps app, the untrusted root certificate is a flavor of the Let's Encrypt "ISRG Root X1" root certificate. ISRG Root X1 comes either as cross-signed by DST Root CA X3 or self-signed. Operating systems like Ubuntu 22.04.1 LTS stopped trusting the cross-signed certificate and only trust the self-signed one. For the details on the certificates see:
- Let's Encrypt Chain of Trust at https://letsencrypt.org/certificates/
- Let's Encrypt Certificate Compatibility at https://letsencrypt.org/docs/certificate-compatibility/
To ensure that Ubuntu continues to trust the cross-signed ISRG Root X1 root certificate execute the following script:
sudo cp isrg-root-x1-cross-signed.pem /etc/ssl/certs/
Once the CA root certificate is trusted you can run
git pull or other git commands successfully again.