blovett

blovett

Bogus certificate expired failure during mix deps.get

I get a bogus certificate expired error when I run mix deps.get using an installation from macports. Similar circumstances to Unable to run mix local.hex and mix local.rebar, but a different error message.

Here’s what I’ve got:

$ mix --version
Erlang/OTP 27 [erts-15.0] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1]

Mix 1.16.2 (compiled with Erlang/OTP 26)

$ openssl version
OpenSSL 3.1.6 4 Jun 2024 (Library: OpenSSL 3.1.6 4 Jun 2024)

Here’s the error:

$ mix deps.get --only prod
** (Mix) httpc request failed with: {:failed_connect, [{:to_address, {~c"builds.hex.pm", 443}}, {:inet, [:inet], {:tls_alert, {:certificate_expired, ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2158 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}]}

Could not install Hex because Mix could not download metadata at https://builds.hex.pm/installs/hex-1.x.csv.

This seems like the root cert expiration problem from a few years ago discussed here but am not sure why I’d be running into it now. The macOS side is very old but has no trouble otherwise with hex.pm’s cert or others from LetsEncrypt.

I can get httpc to cooperate if I specify an alternate cacertfile:

iex(1)> :inets.start
:ok
iex(2)> :ssl.start
:ok
iex(3)> :httpc.request(:get, {'https://builds.hex.pm/', []}, [
...(3)>   ssl: [
...(3)>     cacertfile: '/opt/local/etc/openssl/cert.pem',
...(3)>   ]
...(3)> ], [])
{:ok,
 {{~c"HTTP/1.1", 200, ~c"OK"},
  [
...

If I install hex through github and try to accomplish the same using cacerts_path, no luck:

$ mix archive.install github hexpm/hex branch latest
$ mix hex.config cacerts_path /opt/local/etc/openssl/cert.pem
$ mix deps.get --only prod
...
** (Mix) httpc request failed with: {:failed_connect, [{:to_address, {~c"builds.hex.pm", 443}}, {:inet, [:inet], {:tls_alert, {:certificate_expired, ~c"TLS client: In state wait_cert_cr at ssl_handshake.erl:2158 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}]}

Could not install Rebar because Mix could not download metadata at https://builds.hex.pm/installs/rebar3-1.x.csv.

No luck with unsafe_https either.

Past discussions touched on things like actually expired certs and skewed local clocks, but none of that seems applicable.

First Post!

dimitarvp

dimitarvp

Interestingly enough, there was another thread very recently: Unable to run mix local.hex and mix local.rebar

I am thinking maybe it’s an OpenSSL 1.1.1 vs 3.0.x issue. Have you tried installing Erlang with asdf / mise and specify an OpenSSL directory?

Where Next?

Popular in Questions Top

mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
qwerescape
Is there a way to get the call stack or stack trace at any point in the code? Not from exceptions, but an expression that returns how the...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

Other popular topics Top

AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
saif
Hello everyone, Long time lurker first time poster here. I’ve recently begun working on Elixir full-time again! :raised_hands: It’s been...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 54120 245
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement