SSL issues after moving to Ubuntu Precise

Posted: - Modified: | geek

My Rails script for checking library due dates and renewing items stopped working the other day to BadGateway errors. While debugging I ended up going down this rabbit-hole of trying to upgrade RVM's OpenSSL and Ruby versions. rvmsudo rvm pkg install openssl failed in my production environment because the Linode VPS was now 64-bit, so even though I had the appropriate development libraries installed, the code still didn't compile. I tried all sorts of things like rvm get head; rvm reload and gem update --system.

I kept running into errors like There was an error while trying to resolve rubygems version for 'latest'. when reinstalling Ruby and /usr/bin/ld: cannot find -lz when using RVM to reinstall OpenSSL (even though I had zlib1g-dev installed).

After an hour and a half of searching through StackOverflow and mailing list messages, I finally paid attention to the curl error message:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I searched for that and Ubuntu Precise. As it turns out, the upgrade from Ubuntu 10 to Ubuntu 12 resulted in some issues with Verisign-certified sites. I know, I know, old news (almost two years old!) but I hadn't gotten around to upgrading off Lucid until recently.

Anyway, I followed the recommended steps to copy the text from https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1556 into /usr/local/share/ca-certificates/verisign.crt and ran update-ca-certificates. After that, rvm reinstall 2.0.0 worked, and so did my script.

Harumph! Anyway, I'm glad that's fixed.

You can comment with Disqus or you can e-mail me at sacha@sachachua.com.