If you're using Travis CI, you probably want to read this

[PLEASE DISREGARD] Thanks to hex.pm staff for resolving the problem via their hosting provider. See comments from @ericmj below. The advice below is no longer relevant.


As of today (2 May), recent changes on hex.pm’s hosting provider are causing problems with Travis CI builds. Builds error out with symptoms like this:

Installing Elixir 1.3.4
$ wget https://repo.hex.pm/builds/elixir/v1.3.4.zip
--2017-05-03 01:06:54--  https://repo.hex.pm/builds/elixir/v1.3.4.zip
Resolving repo.hex.pm (repo.hex.pm)... 151.101.33.5
Connecting to repo.hex.pm (repo.hex.pm)|151.101.33.5|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.


The command "wget https://repo.hex.pm/builds/elixir/v1.3.4.zip" failed and exited with 4 during .

Your build has been stopped.

With many thanks to David Antaramian and Rebecca Skinner over on the Elixir Slack channel, I was able to get my builds up and running again. Sharing here in case others run into the same issue:

It looks like the default Ubuntu distro used on Travis (12.04) cannot negotiate TLS with the upgraded hex.pm. Travis does offer “beta” support for a newer distro, which you can enable by adding the following to your .travis.yml file:

dist: trusty
sudo: false  # optional ... depending on your config, you may need sudo: true

Hope this helps!

4 Likes

Thank you for the workaround @scouten. We have switched back to supporting TLS v1.1 with our hosting provider so Travis builds should work on the old containers again.

2 Likes

Still doesn’t work on mine. I get this problem:

$ wget https://repo.hex.pm/builds/elixir/v1.4.2.zip
--2017-05-03 12:31:54--  https://repo.hex.pm/builds/elixir/v1.4.2.zip
Resolving repo.hex.pm (repo.hex.pm)... 151.101.33.5
Connecting to repo.hex.pm (repo.hex.pm)|151.101.33.5|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

I had to roll back the fix because it took some time to roll out the certificate changes on Fastly. But the fix should be up and working some time today.

1 Like

I’m a Customer Support Engineer @ Travis CI and it seems that we can now download Elixir properly. Can you confirm if you’ve made the change in the end? Thank you!

1 Like

Yes, I made the change a while ago and DNS changes should have fully propagated by now.

1 Like

Confirmed. I’ve backed out the config changes in my library and it built successfully a few minutes ago. Thanks.

(Edited original post to add “please disregard” text.)

@bitboxer Are you still getting the error? Where are those machines located?

EDIT: If you are using Docker you might need to restart the daemon because it uses the start time as system time (or something similar) which will cause issues with certificate’s notBefore time since the certificate was issued today.
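
The OpenSSL error line in the wget output quoted in this thread can be decoded to tell a server-side rejection from a client-side failure. This is an added example, not code from any poster or from hex.pm or Travis CI; it assumes the OpenSSL 1.0.x error-code layout, and the function names and the second and third sample lines are constructed for illustration.

```python
import re

# OpenSSL 1.0.x error layout: library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + N means the peer sent TLS alert N.
SSL_AD_REASON_OFFSET = 1000
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
}
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(line):
    """Return (origin, number, name) for an OpenSSL SSL-library error line, else None."""
    match = ERROR_RE.search(line)
    if match is None:
        return None
    lib, _func, reason = decode(match.group(1))
    if lib != ERR_LIB_SSL:
        return None
    alert = reason - SSL_AD_REASON_OFFSET
    if 0 <= alert <= 255:
        return ("peer_alert", alert, TLS_ALERTS.get(alert, "unknown"))
    return ("local", reason, None)

# First line is quoted in the thread; the other two are constructed samples.
SAMPLE_LOG = """\
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Unable to establish SSL connection.
"""

def scan(log):
    return [r for r in map(classify, log.splitlines()) if r is not None]

if __name__ == "__main__":
    for origin, number, name in scan(SAMPLE_LOG):
        print(origin, number, name)
```

A `peer_alert` of 70 means the server refused the protocol version the client offered, so the fix lies in the client's TLS stack or the server's minimum version. A `local` result such as the constructed certificate verification line points instead at the client's trust store or clock.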