curl: (77) error setting certificate verify locations (Ubuntu 20.04.3 LTS)

Tags:

Answer: 1

4 hours ago

I'm installing Waydroid on Ubuntu, when running:

export DISTRO="focal" && \
sudo curl -# --proto '=https' --tlsv1.2 -Sf https://repo.waydro.id/waydroid.gpg --output /usr/share/keyrings/waydroid.gpg && \
echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] https://repo.waydro.id/ $DISTRO main" > ~/waydroid.list && \
sudo mv ~/waydroid.list /etc/apt/sources.list.d/waydroid.list && \
sudo apt update

I get the error:

curl: (77) error setting certificate verify locations:                        
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

I'm running Ubuntu 20.04.3 LTS (Focal Fossa) and have fully updated the system.

ca-certificates is already the newest version (20210119~20.04.2).
Added by: Jordyn Borer

Answer: 2

13 hours ago

I encountered the same problem and solved it like this:

$ sudo rm -f /etc/ssl/certs/ca-bundle.crt
$ sudo apt reinstall ca-certificates
$ sudo update-ca-certificates

Somehow the certificate authority chain file got messed up, I guess.

Credits: https://bobcares.com/blog/curl-error-77-problem-with-the-ssl-ca-cert/

Added by: Mr. Bryon Smitham

Answer: 3

19 hours ago

I had this same problem. What worked for me was updating the ca-certificates.

I first ran cat /etc/ssl/certs/ca-certificates.crt and got this response:

cat: /etc/ssl/certs/ca-certificats.crt: No such file or directory

Thus, there was no file for curl to use.

According to http://manpages.ubuntu.com/manpages/impish/man8/update-ca-certificates.8.html we can create a new ca-certificate. What I did was run sudo update-ca-certificates and afterward the 77 error went away.

I hope this helps. One note is that I am not very familiar with the update-ca-certificates command, and am unsure if there are some options that can be set to make this fix work better. Also, as is everything with info on the internet, use this at your own risk.

Cheers!

Added by: Trycia Hoeger

Answer: 4

28 hours ago

From the look of the error, you may not have the ca-certificates package installed. You can resolve the issue via Terminal like this:

sudo apt install ca-certificates

Once installed, you should be able to run your cURL request properly 👍🏻

Added by: Matteo Carroll

Answer: 5

17 hours ago

I finally resolved this issue by using the official Ubuntu Docker image to generate a new ca-certificates.crt and copy it to my host machine. This is roughly how you could follow the same pattern:

$ docker pull ubuntu   # You might want to specify a version here
$ docker run --rm -it --name ubuntu-docker docker.io/library/ubuntu:latest bash
root@3a5c34437949:/$ apt update && apt install -y curl
root@3a5c34437949:/$ curl http://echo.jsontest.com/it/works
{"it": "works"}

Then in a separate window or tab while container is still running:

$ cp /etc/ssl/certs/ca-certificates.crt ~  # Backup just in case
$ docker cp ubuntu-docker:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

From this point curl started working immediately. The installation or reinstallation of ca-certificates DID NOT work for me. I had recently dabbled with adding a custom certificate into the chain and I might've hosed the file. I'm guessing Ubuntu never overwrote it because it didn't want to clobber my changes.

Added by: Mazie Borer

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9