curl: (77) error setting certificate verify locations (Ubuntu 20.04.3 LTS)

Tags:

Answer: 1

1 hours ago

I'm installing Waydroid on Ubuntu, when running:

export DISTRO="focal" && \
sudo curl -# --proto '=https' --tlsv1.2 -Sf https://repo.waydro.id/waydroid.gpg --output /usr/share/keyrings/waydroid.gpg && \
echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] https://repo.waydro.id/ $DISTRO main" > ~/waydroid.list && \
sudo mv ~/waydroid.list /etc/apt/sources.list.d/waydroid.list && \
sudo apt update

I get the error:

curl: (77) error setting certificate verify locations:                        
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

I'm running Ubuntu 20.04.3 LTS (Focal Fossa) and have fully updated the system.

ca-certificates is already the newest version (20210119~20.04.2).
Added by: Saige Pfannerstill

Answer: 2

23 hours ago

I encountered the same problem and solved it like this:

$ sudo rm -f /etc/ssl/certs/ca-bundle.crt
$ sudo apt reinstall ca-certificates
$ sudo update-ca-certificates

Somehow the certificate authority chain file got messed up, I guess.

Credits: https://bobcares.com/blog/curl-error-77-problem-with-the-ssl-ca-cert/

Answer: 3

17 hours ago

I had this same problem. What worked for me was updating the ca-certificates.

I first ran cat /etc/ssl/certs/ca-certificates.crt and got this response:

cat: /etc/ssl/certs/ca-certificats.crt: No such file or directory

Thus, there was no file for curl to use.

According to http://manpages.ubuntu.com/manpages/impish/man8/update-ca-certificates.8.html we can create a new ca-certificate. What I did was run sudo update-ca-certificates and afterward the 77 error went away.

I hope this helps. One note is that I am not very familiar with the update-ca-certificates command, and am unsure if there are some options that can be set to make this fix work better. Also, as is everything with info on the internet, use this at your own risk.

Cheers!

Added by: Prof. Jaida Stark

Answer: 4

29 hours ago

From the look of the error, you may not have the ca-certificates package installed. You can resolve the issue via Terminal like this:

sudo apt install ca-certificates

Once installed, you should be able to run your cURL request properly 👍🏻

Answer: 5

30 hours ago

I finally resolved this issue by using the official Ubuntu Docker image to generate a new ca-certificates.crt and copy it to my host machine. This is roughly how you could follow the same pattern:

$ docker pull ubuntu   # You might want to specify a version here
$ docker run --rm -it --name ubuntu-docker docker.io/library/ubuntu:latest bash
[email protected]:/$ apt update && apt install -y curl
[email protected]:/$ curl http://echo.jsontest.com/it/works
{"it": "works"}

Then in a separate window or tab while container is still running:

$ cp /etc/ssl/certs/ca-certificates.crt ~  # Backup just in case
$ docker cp ubuntu-docker:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

From this point curl started working immediately. The installation or reinstallation of ca-certificates DID NOT work for me. I had recently dabbled with adding a custom certificate into the chain and I might've hosed the file. I'm guessing Ubuntu never overwrote it because it didn't want to clobber my changes.

Update:

While the above did work for me it was really just a temporary fix and any refresh of my ca-certificates would bring the issue back. Apparently I forgot that I copied a custom certificate file into /usr/local/share/ca-certificates/ and it kept getting appended to my ca-certificates.crt. That on it's own isn't bad, but that particular cert file wasn't in PEM format, which is what ca-certificates requires.

In short, be careful what you copy into those ca-certificates folders.

Added by: Mrs. Janet Krajcik

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9