Fallen at the first hurdle: [notice] TLS :client: In state :certify at ssl_handshake.erl:2082 generated CLIENT ALERT: Fatal - Unknown CA

Hello guys and gals.
I’m a developer who’s interested in giving elixir a try, primarily to learn a bit of functional programming and because I like some of the unique things I’ve heard about this language and the BEAM virtual machine.

I decided yesterday after work I would download it, get phoenix (which seems to be a popular and easy to pick up web framework) and make a hello world app that served me some basic page on the local host.

Unfortunately though I seem to have “Fallen at the first hurdle”. I did this:

  • I used Mix to create a new project

  • added this to list returned by the deps function the mix.exs file:
    {:phx_new, “~> 1.6”}

  • ran “mix compile” from the command line which prompted me to run “mix deps.get” - so I did

-This didn’t work! I got this error:
[notice] TLS :client: In state :certify at ssl_handshake.erl:2082 generated CLIENT ALERT: Fatal - Unknown CA

Am I doing something wrong? Am I going about trying to add the package in the right way? I just don’t know. I’ve obviously googled it and other people have reported that error under different circumstances.

Assuming I’ve done the right thing to try and add the package, Is there anything I can do to fix my problem?

Thanks everyone,

1 Like

Hey @JimMarshall35 welcome! Can you show the guide you’re using? The official Phoenix installation guide is here Installation — Phoenix v1.6.11 and uses a different process than what you’re outlining here.

1 Like

Hi Ben - I should have said really, I did initially try that guide you linked to but was met with the same error message at the point where I ran “mix archive.install hex phx_new”

Can you show the output of

elixir -v

No problem. That’s:

Erlang/OTP 24 [erts-] [source] [64-bit] [smp:12:12] [ds:12:12:10] [async-threads:1] [jit]

Elixir 1.13.4 (compiled with Erlang/OTP 22)

Learning a functional language taught me more about programming than anything else, and Elixir is the best language for that imo. Its simple (not super pure, no monads, …), nice syntax, great community, it has the BEAM and OTP. With those it has the best concurrency model - actors, which in turn again allow the great Phoenix framework become the best in the world with liveview. Also there is NX, livebook, Ecto, …

I would strongly recommend to start learning Elixir until you understand GenServer before starting Phoenix and then start with liveview directly, which is very easy an intuitive if you can handle a GenServer.

That all seems pretty modern!

So when you run mix archive.install hex phx_new you get the SSL error? What operating system are you on?

Correct - and I’ve just tried it again now with a freshly made project and I’m getting the same thing. I’m on windows 10

what output does

mix local.hex

give you?

Yeh I have heard it isn’t perhaps the best example of a purely functional language - but It’s mainly the BEAM that appeals to me and the actor model you mentioned - that appeals to me quite a lot as a concept.

I need something to enable me to learn elixir - something that will provide me with results instantly. I’m fully at peace with the fact I won’t understand it all at first - but I need some sort of library to work with or I fear my fun learning experience will become a boring one :grinning:

My interest in elixir (and in fact web development) is a purely personal one actually - I work as a developer of desktop windows software

That gives me this:

Found existing entry: c:/Users/james.marshall/.mix/archives/hex-1.0.1
Are you sure you want to replace it with “https://repo.hex.pm/installs/1.13.0/hex-1.0.1.ez”? [Yn]

That might not play well with …


ah I hadn’t noticed that. To install the lot I used the windows installer from the elixir website - I think i might try reinstalling this and seeing if there’s some option I might have missed

You might be interested by asdf-vm, as it is a popular way to install both Erlang and Elixir (and many more).


On Windows you are better off either using asdf-vm to manage your Erlang / Elixir installs, or chocolatey. The official installer likely works but I’d sleep better knowing I can get a proper Erlang + Elixir combo (namely e.g. Erlang 24 and Elixir compiled for Erlang 24).

It might be a root ca problem on windows 10.


Of course, it would have to be based on where mix is checking for the cert, but I’m unfamiliar with windows.

I’ve now reinstalled it, this time choosing a newer experimental version of elixir (1.14.0-rc.1) and this time it’s given me a version of elixir that’s actually compiled for erlang 24. I’m still getting the same problem though unfortunately

1 Like

Thanks, this looks promising I’ll take a look - cheers :slight_smile:

I believe that’s likely related to needing to have a certain collection of certs and I keep forgetting every time how is it done, sorry. Hopefully the others will chime in.

Could it be your PC accesses the internet through some corporate outbound firewall that intercepts HTTPS traffic, by injecting itself in the TLS handshake and presenting a certificate signed by a corporate CA that exists in your OS CA trust store but not in the CA trust store used by Hex?

Assuming you have the openssl CLI tool available, what does openssl s_client -connect repo.hex.pm:443 -servername repo.hex.pm show you under “Certificate chain”? Alternatively, if you open https://repo.hex.pm in a browser and you inspect the server’s certificate, what issuer(s) do you see?