insallation fails on SSL certificates

[ildar]

I try to install with the simplest way:

$ curl https://sh.rustup.rs -sSf | sh

and it ends with:

info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu'
error: could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/ildar/.rustup/tmp/smpm6z49tivc6git_file
info: caused by: error during download
info: caused by: [60] Peer certificate cannot be authenticated with given CA certificates (SSL certificate problem: unable to get local issuer certificate)
rustup: command failed: /tmp/.private/ildar/tmp.8kVhcIBdVQ/rustup-init

[typesanitizer]

This seems to be a curl error, not a rustup one. Have you updated the local CA certificates from the official distribution repositories? Maybe these two links are helpful for that: [1], [2].

[ildar]

That wouldn't be a problem if #942 was fixed instead of just closing.

[ghost]

@theindigamer the problem is that this is occurring only on ARM systems

[typesanitizer]

@Lorenzoi the OP's post mentions info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu' so I think it is not specific to ARM systems but also happens for some x86_64 systems.

[vcfxb]

I tried installing rust on a Raspberry Pi running Diet Pi OS and here is the output:

# curl https://sh.rustup.rs -sSf | sh

sh: 249: [: unknown-linux-gnu: unexpected operator
info: downloading installer

Welcome to Rust!

This will download and install the official compiler for the Rust programming 
language, and its package manager, Cargo.

It will add the cargo, rustc, rustup and other commands to Cargo's bin 
directory, located at:

  /root/.cargo/bin

This path will then be added to your PATH environment variable by modifying the
profile file located at:

  /root/.profile

You can uninstall at any time with rustup self uninstall and these changes will
be reverted.

Current installation options:

   default host triple: armv7-unknown-linux-gnueabihf
     default toolchain: stable
  modify PATH variable: yes

1) Proceed with installation (default)
2) Customize installation
3) Cancel installation


info: syncing channel updates for 'stable-armv7-unknown-linux-gnueabihf'
error: could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/root/.rustup/tmp/0h9avbwn3fl3ya9r_file'
info: caused by: error during download
info: caused by: [1] Unsupported protocol (Protocol "https" not supported or disabled in libcurl)

Any Ideas on how to get rust working on this system?

[jelford]

@alfriadox I think you've actually got the issue described in #1051, rather than the certificate issue here. There's a workaround described there that you might try until the fix goes out.

[valpackett]

On FreeBSD 12-CURRENT amd64, I'm getting The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264: with RUSTUP_USE_HYPER. Works fine without it (with curl) now!

The CA bundle is installed as /usr/local/share/certs/ca-root-nss.crt and also symlinked as /etc/ssl/cert.pem.

[ghost]

I'm getting the following error when running curl https://sh.rustup.rs -sSf | sh on my Raspberry Pi:

info: syncing channel updates for 'stable-armv7-unknown-linux-gnueabihf'
error: could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/pi/.rustup/tmp/qytrgnyzckn_ql99_file'
info: caused by: failed to make network request
info: caused by: https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256: The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264:
info: caused by: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264:

Any idea how to fix this? I've tried setting RUSTUP_USE_HYPER to 0 and 1, but nothing helps.

[onlinel001]

@stjepang, did you get your problem resolved. I am getting the same error when I try to install Rust. Any help would be greatly appreciated

[ghost]

Unfortunately, no. In the end I got Rust by manully downloading a standalone installer for offline installation.

[onlinel001]

Thank you

[alphabytes]

facing the same issue. any updates on how to debug / correct the issue.. i created the c:\users\xxx.cargo\config file with http.check-revoke = false and http.proxy = "127.0.0.1:3128"
but it does not seem to pick it up.

[otaku]

I found the answer here.

I solved it by setting the environment variable SSL_CERT_DIR to where the certificates were located.

With TinyCoreLinux / piCore on Raspberry PI, the following worked for me:
curl https://sh.rustup.rs -sSf | SSL_CERT_DIR=/usr/local/etc/ssl/certs sh

[raviqqe]

Thank you for the workaround, @otaku. In my case, SSL_CERT_DIR=/etc/ssl/certs works. My environment is:

> uname -a       
Linux localhost 3.14.0 #1 SMP PREEMPT Mon Dec 18 20:14:27 PST 2017 armv7l GNU/Linux
> cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

[mcandre]

In Ubuntu Bionic, I was able to fix this issue by ensuring that the ca-certificates package is installed, which is often omitted by default from Docker images to save space, for example.

:)

[icefree]

MacOS 10.12.6
curl --proto '=https' -sSf https://sh.rustup.rs | SSL_CERT_DIR=/etc/ssl/certs sh

[kinnison]

Given that this issue is mostly about incorrectly configured host operating systems, I'm going to close it. If anyone still has issues with SSL certificates, please look for either more specific issues to join, or else open a fresh one with a full explanation of your problem and how to reproduce it.

[yaoxin-jing]

Hey, I solved this issue by add certificates in /usr/local/share/ca-certificates dir then sudo update-ca-certificates