Error while pushing: SSL certificate problem: certificate has expired

atuljain707 June 1, 2020

I am getting the 'SSL certificate problem: certificate has expired' error while pushing changes in Git using Sourcetree.

Please help

7 answers

2 votes
engineeredair-webmaster June 1, 2020

For me, the problem was related to Sectigo expiring one of their root certificates.  This means that any client/program that uses the old root certificate when attempting to verify SSL certs will throw a "certificate not valid" error.

If this is what you are encountering, you can fix this by re-installing / upgrading git.  This will install the latest root certificates at the same time.

I found this worked on my local machine.

On a remote server that had the same issue, I had to upgrade git, and then re-install the ca-certificates on the server itself with:

sudo apt-get install --reinstall ca-certificates
sudo mkdir /usr/local/share/ca-certificates/cacert.org
sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
sudo update-ca-certificates
git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt

 

Then I still had problems and realized git was looking at the wrong path and had to correct it with the following:

git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
engineeredair-webmaster June 2, 2020

More importantly, I realized that the actual root cause is the SSL certificate on my domain name that I am using for my Bitbucket Server.

The chain certificate had to be updated by removing the expired root certificate.

There is a good page with tools that can help you update your own certificates on your domains:

https://whatsmychaincert.com/

1 vote
Oliver Bischof June 3, 2020

Updating Git to a newer version installs a new CA chain certificate which is used by Git. That solves the issue.

Dalectric June 3, 2020

This fixed it for one of my users that had an issue

Andy Ng. July 4, 2020

This fixed it for my users as well.

1 vote
tonybp18 June 1, 2020

I have just set the following variable "http.sslVerify" to false and it worked. Just remember to change it back later.

For a single repo

git config http.sslVerify false

For all repos

git config --global http.sslVerify false
engineeredair-webmaster June 1, 2020

This is not a good long-term solution because you are basically choosing to use no encryption when pushing/pulling your code from Bitbucket Server.  This means you are vulnerable to man-in-the-middle attacks.

All of this appears related to this: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
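
The `http.sslVerify false` workaround in the answer above is easy to forget to revert, so the following added example (not part of the thread) lists every place where Git's certificate verification is still switched off: the `GIT_SSL_NO_VERIFY` environment variable, the user's global config, and each repository under a directory. The function names `ssl_verify_off` and `audit_git_tls` are hypothetical.

```shell
#!/bin/sh
# Added example: list every place where Git's TLS certificate verification
# is still switched off. Function names are hypothetical, not from the thread.

# ssl_verify_off LABEL GIT_CONFIG_ARGS...
# Prints "LABEL<TAB>key" for each http.sslVerify or http.<url>.sslVerify
# that evaluates to false in the selected config file or scope.
ssl_verify_off() {
    label=$1
    shift
    # --bool normalises no/off/0 to "false"; section and variable names
    # are printed lowercased by git.
    git config "$@" --bool --get-regexp '^http\.(.*\.)?sslverify$' 2>/dev/null |
    while read -r key value; do
        if [ "$value" = "false" ]; then
            printf '%s\t%s\n' "$label" "$key"
        fi
    done
}

# audit_git_tls DIR
# Checks the environment, the user's global config, and every repository
# found under DIR.
audit_git_tls() {
    # Git skips verification whenever this variable is set, whatever its value.
    if [ -n "${GIT_SSL_NO_VERIFY+x}" ]; then
        printf 'env\tGIT_SSL_NO_VERIFY\n'
    fi
    ssl_verify_off global --global
    find "$1" -type d -name .git -prune 2>/dev/null |
    while IFS= read -r gitdir; do
        ssl_verify_off "${gitdir%/.git}" --file "$gitdir/config"
    done
}

# Run as: sh audit.sh ~/src
if [ $# -gt 0 ]; then
    audit_git_tls "$1"
fi
```

Each reported entry can be cleared with `git config --unset` in the matching scope once the certificate chain or CA bundle has been fixed.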

0 votes
engineeredair-webmaster June 1, 2020

Has anyone found a fix?  The only thing that has changed on my server is there was an Ubuntu kernel update. 

0 votes
tonybp18 June 1, 2020

Same here, trying to push changes and msg "SSL certificate problem: certificate has expired" appears.

Yes. I am having this problem. In Bamboo also.

0 votes
engineeredair-webmaster June 1, 2020

I am having this problem this morning as well.
