curl suddenly unable to get local issuer certificate

I've been using Docker 1.7.1 with a base Ubuntu 14.04 image, and suddenly the following curl

curl -L -o sbt.tgz https://dl.bintray.com/sbt/native-packages/sbt/0.13.9/sbt-0.13.9.tgz

gives me the following error:

curl: (60) SSL certificate problem: unable to get local issuer certificate
  More details here: http://curl.haxx.se/docs/sslcerts.html

  curl performs SSL certificate verification by default, using a "bundle"
   of Certificate Authority (CA) public keys (CA certs). If the default
   bundle file isn't adequate, you can specify an alternate file
   using the --cacert option.
  If this HTTPS server uses a certificate signed by a CA represented in
   the bundle, the certificate verification probably failed due to a
   problem with the certificate (it might be expired, or the name might
   not match the domain name in the URL).
  If you'd like to turn off curl's verification of the certificate, use
   the -k (or --insecure) option.

The CA in question (for dl.bintray.com) is GeoTrust CA G3, and I checked from the docker build log that it is being installed:

  Processing triggers for ca-certificates (20160104ubuntu0.14.04.1) ...
  Updating certificates in /etc/ssl/certs... 173 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d....
  ...
  Adding debian:GeoTrust_Global_CA.pem
  Adding debian:GeoTrust_Global_CA_2.pem
  Adding debian:GeoTrust_Primary_Certification_Authority.pem
  Adding debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
  Adding debian:GeoTrust_Primary_Certification_Authority_-_G3.pem
  Adding debian:GeoTrust_Universal_CA.pem
  Adding debian:GeoTrust_Universal_CA_2.pem
  ...

I can't explain how it stopped working. I tried manually from inside the container, and the --insecure version works, although I don't want to use it.

Any ideas on how to fix this, or how to get a reliable, up-to-date CA authority to pass to the curl command, curl -c my_most_trusted_and_up_to_date_ca.pem?
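The error text quoted above is what OpenSSL reports when it cannot build a chain from the server certificate up to a root in the CA bundle. The following is an added example, not part of the original post: it reproduces that condition offline with a throwaway root, intermediate and leaf, and the `demo-*.test` names, file names and function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate is a throwaway generated locally
# (constructed data); nothing here contacts dl.bintray.com or the network.

# Build root CA -> intermediate CA -> leaf in directory $1.
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Verify $1/leaf.pem against trust bundle $2. Optional $3 = intermediates the
# server would send in its handshake. Prints "ok" or the failure reason.
check_leaf() {
    out=$(openssl verify -CAfile "$2" ${3:+-untrusted "$3"} "$1/leaf.pem" 2>&1) || true
    case $out in
        *": OK"*) echo ok ;;
        *"unable to get local issuer certificate"*)
            echo "unable to get local issuer certificate" ;;
        *) echo "other: $out" ;;
    esac
}

demo() {
    w=$(mktemp -d) || return 1
    make_chain "$w" || { rm -rf "$w"; return 1; }
    # A client-side bundle that also carries the intermediate.
    cat "$w/root.pem" "$w/int.pem" > "$w/bundle.pem"
    echo "root trusted, leaf only presented:        $(check_leaf "$w" "$w/root.pem")"
    echo "root trusted, leaf + intermediate sent:   $(check_leaf "$w" "$w/root.pem" "$w/int.pem")"
    echo "bundle holds root + intermediate:         $(check_leaf "$w" "$w/bundle.pem")"
    rm -rf "$w"
}
demo
```

The first case fails even though the root is installed, because the link between leaf and root is missing; the `--cacert` option named in curl's error text is how a bundle such as `bundle.pem` is supplied.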
