Ruby Tricks 8 - Solving Bundler Certificate Errors

In the Ruby world, Bundler is fantastic when it comes to dependency management. But sometimes, when you use it, especially for an older Ruby version, you might run into certificate errors. Here’s one way to fix that.

Background / Problem

My blog is built using Jekyll and was started in Ruby 2.2.4. Out of laziness, I have not updated although recent versions require Ruby 2.4.0 or newer. While making some changes, I needed to add a gem and run bundler again. But instead of a happy run, I ran into this error.

Fetching source index from https://rubygems.org/
Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification.
For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification.
For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification.
For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect
without using SSL, edit your Gemfile sources and change 'https' to 'http'.

Let’s solve it!

OK, deep breath – OpenSSL or certificate errors can sound scary at first glance. Since we are using an old Ruby, the most likely cause is the one the message itself gives: "most likely your system doesn't have the CA certificates needed for verification". There are a few options:

  • Change your Gemfile sources from ‘https’ to ‘http’
  • Add a certificate that can be used for verification

To read more on this, follow the link given in the message above, http://bit.ly/ruby-ssl, which lists steps you can use.

On the other hand, if you have a recent Ruby, it will have a more recent certificate that can be used. I have Ruby 2.6 and Ruby 3.0, and can point Ruby to use the certificate from one of these without any trouble.

Ruby will use the certificate path set in the environment variable SSL_CERT_FILE and you can just set it when you need it. You can either add it to your Windows environment variables or set it in the console before you run bundle install. The certificates are in the ssl directory under your Ruby installation, so you should check the file name there and set the environment variable accordingly. For me, I need to do this on the command line to use the certificate from Ruby 3.0 on my installation.

set SSL_CERT_FILE=C:\Ruby30-x64\ssl\cert.pem

Similarly, the path for Ruby 2.6 on my system is: c:\Ruby26-x64\ssl\cert.pem and Ruby 2.7 should be similar.
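Before relying on a bundle borrowed from another Ruby installation, it is worth confirming that the file parses and that its certificates are still in date. The Ruby script below is an added example, not code from the original post; the helper names ca_bundle_path, audit_bundle and sample_cert are hypothetical, and the self-signed certificates it builds are constructed sample data.

```ruby
require "openssl"

# Path Ruby's OpenSSL will read: SSL_CERT_FILE if set, else the built-in default.
def ca_bundle_path(env = ENV)
  env.fetch("SSL_CERT_FILE", OpenSSL::X509::DEFAULT_CERT_FILE)
end

# Parse every certificate in a PEM bundle and sort it by validity period.
def audit_bundle(pem_text, now = Time.now)
  blocks = pem_text.b.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  report = { total: blocks.size, valid: 0, expired: [], not_yet_valid: [], unparsable: 0 }
  blocks.each do |pem|
    begin
      cert = OpenSSL::X509::Certificate.new(pem)
    rescue OpenSSL::X509::CertificateError
      report[:unparsable] += 1 # damaged or truncated entry
      next
    end
    if cert.not_after < now
      report[:expired] << cert.subject.to_s
    elsif cert.not_before > now
      report[:not_yet_valid] << cert.subject.to_s
    else
      report[:valid] += 1
    end
  end
  report
end

# Constructed sample input: a throwaway self-signed certificate, not a real CA.
def sample_cert(common_name, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

now = Time.now
demo = sample_cert("constructed-valid", now - 3600, now + 86_400) +
       sample_cert("constructed-expired", now - 172_800, now - 86_400)
puts "constructed demo: #{audit_bundle(demo, now)}"
path = ca_bundle_path
puts "#{path}: #{File.file?(path) ? audit_bundle(File.binread(path)) : 'not found'}"
```

Run it in the same console after the set command: a bundle that reports zero valid certificates, or a path that is not found, will produce the same CertificateFailureError as before.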

I wrote this up because I had to search a few things to put the pieces together, and I wanted to be able to remember how to do it the next time. Of course, if it helps someone, that’s great! If you have some comments, please add below so that I can reflect changes here. If you are setting up Ruby on Windows, take a look at Installing JRuby on Windows and Installing Ruby 3.0 on Windows both on this site itself.
