News
3 new Serverspace GPT API Language Models available now!
JT
July 1 2025
Updated July 1 2025

How can I fix the Certificate Error?

Linux SSL Windows

When working with HTTPS services on Linux, a certificate error, SSL certificate problem, or unable to verify the first certificate may occur. It usually means that the system cannot verify the authenticity of the server's SSL certificate.

In this article, we will analyze the causes of the error and ways to fix it for Windows and Linux-based clients!

Linux

Step 1. Check the error text

When connecting via curl, wget, git, or other utilities, one of the following errors may appear:

SSL certificate problem: unable to get local issuer certificate
SSL certificate problem: self signed certificate
certificate verify failed

This means that:

  • There is no root certificate in the system,
  • The certificate is not trusted, or
  • A self-signed certificate without trusted chains is installed.

Step 2. Update the root certificates

The most common reason is outdated or missing trusted root certificates.

For CentOS / RedOS / RHEL:

sudo yum install -y ca-certificates
sudo update-ca-trust force-enable
sudo update-ca-trust extract

For Ubuntu / Debian:

sudo apt update
sudo apt install -y ca-certificates
sudo update-ca-certificates
Certificate Authority
Screenshot № 1 — Certificate Authority

Step 3. Checking the certificate manually

You can verify the SSL certificate chain using openssl:

openssl s_client -connect example.com:443
SSL test connection
Screenshot № 2 — SSL test connection

If the output shows verify error:num=20:unable to get local issuer certificate, it means the chain is incomplete or the client lacks a trusted CA.

Step 4. Add a self-signed certificate

If you use your own certificate (for example, from your own VPN or proxy), you need to add it to the trusted storage.:

Copy the certificate to the system storage:

sudo cp my-ca.crt /etc/pki/ca-trust/source/anchors/

Update the storage:

sudo update-ca-trust extract

For Ubuntu:

sudo cp my-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Step 5. Bypassing verification (not recommended)

If the certificate is temporarily unavailable or you are working in an isolated environment, you can temporarily disable verification.:

curl -k https://example.com
Ignore issue
Screenshot № 3 — Ignore issue

The -k parameter allows you to establish a connection to the server ignoring errors, however, this method may not work if HSTS is installed on the server!

git config --global http.sslVerify false

Do not use this in production — it violates the security of the connection.

Windows

Step 1. Checking the error text

The error often looks like this: "SSL certificate problem: unable to get local issuer certificate
certificate verify failed: unable to get local issuer certificate
self signed certificate in certificate chain" or "This site is not secure"

Step 2. Updating root certificates

The Windows operating system automatically updates root certificates through Windows Update. If automatic updates are disabled:

Make sure that the Windows Update Service (wuauserv) is enabled.

Update the system manually:

control update

Or via PowerShell:

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name PSWindowsUpdate -Force
Install-WindowsUpdate -AcceptAll -AutoReboot
Don't use the Update Center? You can install the root certificate manually.

Step 3. Install a custom (self-signed) certificate

If you are using a proxy, a corporate network, or a test server with a self-signed SSL certificate:

Adding the certificate manually:

  1. Double-click the .crt file.
  2. Click Install Certificate.
  3. Choose: Local computer or Put it in storage: Trusted root certification authorities

Confirm the installation.

To install on behalf of the local computer, you need administrator rights.

Step 4. For Git: Trust in certificates

Git on Windows uses its own curl and openssl, and may not see the system certificates. To add your own .crt:

Place the certificate in a folder, for example:

C:\Program Files\Git\mingw64\ssl\certs\my-ca.crt

Edit the file:

C:\Program Files\Git\mingw64\ssl\cert.pem

Add the contents of the .crt to the end of the file.

Or specify it manually:

git config --global http.sslCAInfo "C:/path/to/my-ca.crt"

Step 5. For Python / pip

If, when installing packages, it appears:

SSL: CERTIFICATE_VERIFY_FAILED

Use it:

python -m pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package_name

Or add a path to your CA:

set SSL_CERT_FILE=C:\path\to\my-ca.crt

Step 6. Temporarily disable verification (not recommended)

For curl, we will use the command:

curl -k https://example.com

Let's change the configuration for Git:

git config --global http.sslVerify false

The certificate error error most often occurs due to the lack of trusted root certificates or the use of self-signed certificates. In this article, we've figured out how to update root certificates, add your own, and safely fix the error.

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.