Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Errro while pushibng : SSL certificate problem: certificate has expired

I am getting the 'SSL certificate problem: certificate has expired' while pushing the changes in git using sourcetree.

Please help

7 answers

For me, the problem was related to Sectigo expiring one of their root certificates.  This means that any client/program that uses the old root certificate when attempting to verify SSL certs will throw a "certificate not valid" error.

If this is what you are encountering, you can fix this by re-installing / upgrading git.  This will install the latest root certificates at the same time.

I found this worked on my local machine.

On a remote server that had the same issue, I had to upgrade git, and then re-install the ca-certificates on the server itself with:

sudo apt-get install --reinstall ca-certificates
sudo mkdir /usr/local/share/ca-certificates/cacert.org
sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
sudo update-ca-certificates
git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

 

Then I still had problems and realized git was looking at the wrong path and had to correct it with the following:

git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

More importantly, I realized that the actual root cause is the SSL certificate on my domain name that I am using for my Bitbucket Server.

The chain certificate had to be updated by removing the expired root certificate.

There is a good page with tools that can help you update your own certificates on your domains:

https://whatsmychaincert.com/

Like Dalectric likes this

Updating Git to a newer version installs a new CA chain certificate which is used by Git. That solves the issue.

This fixed it for one of my users that had an issue

This fixed for my users as well.

I am having this problem this morning as well.

Yes. I am having this problem. In bamboo also.

0 votes

Same here, trying to push changes and msg "SSL certificate problem: certificate has expired" appears.

Has anyone found a fix?  The only thing that has changed on my server is there was an Ubuntu kernel update. 

0 votes
tonybp18 I'm New Here Jun 01, 2020

I have just set the following variable "http.sslVerify" to false and it worked. Just remember to set change it back later.

For a single repo

git config http.sslVerify false

For all repo

git config --global http.sslVerify false

This is not a good long term solution because you are basically choosing to use no encryption when pushing/pulling your code from Bitbucket Server.  This means you are vulnerable to man-in-the-middle attacks.

All of this appears related to this: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,886 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you