Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

[SOLVED]: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates

by Perl300 (Friar)
on Mar 06, 2019 at 17:30 UTC ( #1230967=perlquestion: print w/replies, xml ) Need Help??

Perl300 has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks

I am trying to install perlbrew on Linux machine

[user@host ~]$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.8 (Santiago)
When I try using curl or wget, I continue to get certificate error:
[user@host ~]$ curl -L https://install.perlbrew.pl | bash curl: (60) Peer certificate cannot be authenticated with known CA cert +ificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle +" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
I tried with -k option as well but that also fails:
[user@host ~]$ curl -kL https://install.perlbrew.pl | bash % Total % Received % Xferd Average Speed Time Time Time + Current Dload Upload Total Spent Left + Speed 103 1548 103 1548 0 0 1335 0 0:00:01 0:00:01 --:--: +-- 1335 ## Download the latest perlbrew curl: (60) Peer certificate cannot be authenticated with known CA cert +ificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle +" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
Using wget throws following error:
[user@host ~]$ wget -O - https://install.perlbrew.pl | bash --2019-03-06 10:58:43-- https://install.perlbrew.pl/ Resolving install.perlbrew.pl... 64.62.231.202 Connecting to install.perlbrew.pl|64.62.231.202|:443... connected. ERROR: cannot verify install.perlbrew.pl’s certificate, issued by “/DC +=com/DC=<my_domain>/DC=<my_domain>/CN=<my_domain> Enterprise Root CA” +: Self-signed certificate encountered. To connect to install.perlbrew.pl insecurely, use ‘--no-check-certific +ate’.
Using ‘--no-check-certificate’ option also gives the same error as above.

Could this be a firewall issue (I am behind a corporate firewall) or SSL certificate issue as error says?

Trying to find if someone faced this and know how to get around it.

UPDATE: Marked subject as SOLVED.

  • Comment on [SOLVED]: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates
  • Select or Download Code

Replies are listed 'Best First'.
Re: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates
by thanos1983 (Parson) on Mar 06, 2019 at 17:48 UTC
Re: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates
by thechartist (Monk) on Mar 06, 2019 at 17:52 UTC

    Don't know much about the certificate issue; could be the Red Hat certificates have not been updated. AFAIK, looks like that release goes back to 2016.

    On OpenBSD none of the standard install instructions work, but if I clone or pull the sources from git, then run perlbrew init, everything works as expected. Have you tried that?

Re: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates
by Perl300 (Friar) on Mar 06, 2019 at 20:25 UTC

    I was able to cd into App-perlbrew and then perl perlbrew self-install and perlbrew is working but whenever it needs to connect to internet those specific commands are failing.

    [~]$ perlbrew Usage: perlbrew command syntax: perlbrew <command> [options] [arguments] Commands: [~]$ perlbrew list [~]$ perlbrew available ERROR: Unable to retrieve the list of perls. [~]$ [~]$ perlbrew install perl-5.28.1 Fetching perl 5.28.1 as ~/perl5/perlbrew/dists/perl-5.28.1.tar.gz Download http://www.cpan.org/src/5.0/perl-5.28.1.tar.gz to ~/perl5/per +lbrew/dists/perl-5.28.1.tar.gz Installing ~/perl5/perlbrew/build/perl-5.28.1/perl-5.28.1 into ~/perl5 +/perlbrew/perls/perl-5.28.1 This could take a while. You can run the following command on another +shell to track the status: tail -f ~/perl5/perlbrew/build.perl-5.28.1.log Installation process failed. To spot any issues, check . . . You might also want to try upgrading patchperl before trying again: perlbrew install-patchperl Generally, if you need to install a perl distribution known to have mi +nor test failures, do one of these commands to avoid seeing this message: perlbrew --notest install perl-5.28.1 perlbrew --force install perl-5.28.1 [~]$ perlbrew install-patchperl ERROR: Failed to retrieve patchperl executable. [~]$

    The log file ~/perl5/perlbrew/build.perl-5.28.1.log has only one line sh: patchperl: command not found

    Seems like my Linux machine is having problem in letting perlbrew connect to internet. :-(

      Hello Perl300,

      Sorry for the late reply but I just got the time to review your question.

      There is a bug reported related to your problem:

      ERROR: Failed to retrieve patchperl executable.

      See here perlbrew fails to install patchperl #350. The solution that worked before the ticket was closed:

      $ curl https://raw.githubusercontent.com/gugod/patchperl-packing/maste +r/patchperl > ~/perl5/perlbrew/bin/patchperl

      From my point of view it looks that perlbrew is not installed correctly or need to be updated. If I was you I would simply ask the Admin of the node to login as root and install perlbrew from CPAN. By doing this you will avoid troubleshooting step by step the process.

      Never the less I would highly recommend first installing the latest CPAN version for your CentosOS 6.8 e.g.:

      $ sudo cpan

      cpan[1]> install CPAN

      cpan[2]> reload cpan

      Then simply ask him to run:

      sudo cpan App::perlbrew

      I hope this helps, keep us updated. BR / Thanos

      Seeking for Perl wisdom...on the process of learning...not there...yet!

        Thank you thanos1983 for sharing the link. The solution there worked for me as well.

        patchperl was missing from ~/perl5/perlbrew/bin/

        So I did:

        curl https://raw.githubusercontent.com/gugod/patchperl-packing/master/patchperl > ~/perl5/perlbrew/bin/patchperl

        And then

        [~]$ perlbrew install perl-5.28.1

        This time it worked and installed perl-5.28.1.

        Somehow `perlbrew available` still doesn't work but that's not a big deal for me. I'll know the version number that is available and if I want to install it or not.

        [~]$ perlbrew available ERROR: Unable to retrieve the list of perls. [~]$

        Thanos1983, Thanks for that link to the perlbrew bug report. I read it, but do not understand the fundamental problem in this instance.

        I was hoping pulling or cloning perlbrew from git and doing the initial install with whatever system Perl was available would eliminate the need for Admin. And it seems like manually installing the patchperl using curl (as is done in the last post in that thread) would run into the same problem of curl accessing the 'net. Has anyone figured out the root cause for this bug?

      At least some progress was made by getting perlbrew installed. I will defer to other Perl experts on what could be causing your problems. It makes no sense for the http URI to fail. Keep us posted on the progress.

Re: perlbrew/curl: curl: (60) Peer certificate cannot be authenticated with known CA certificates
by Perl300 (Friar) on Mar 06, 2019 at 19:30 UTC

    Thank you thanos1983 and thechartist for your responses. I'll try both and inform here result.

    Updating curl and ca-certs might take some time as I don't have root on this box but I'll get an admin to do it.

    thechartist can you please give me some instructions on how you did it from git? I did git clone https://github.com/gugod/App-perlbrew.git It created App-perlbrew directory under my home directory. But then perlbrew init is failing with `-bash: perlbrew: command not found`

    I tried running perlbrew init from my home directory as well as after doing cd App-perlbrew It gives same error: command not found

      You have to cd into the App-perlbrew directory. To install perlbrew the first time on the machine, do the following:

      $ git clone https://some.valid.perlbrew.url/ $ cd App-perlbrew $ perl perlbrew self-install $ perlbrew init
      IIRC, if this is the very first time initializing perlbrew, you will need to use system perl to run the script. Once perlbrew is running, you should be able to just run:
      $ cd App-perlbrew $ git pull $ perlbrew self-upgrade $ perlbrew init
      I've never had any problems, but since your perlbrew is already in git, you can go back to an older version if necessary.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1230967]
Approved by Discipulus
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (4)
As of 2022-10-05 18:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My preferred way to holiday/vacation is:











    Results (24 votes). Check out past polls.

    Notices?