macOS Installing yarn (curl: (60) SSL certificate problem: certificate has expired) the other OS works fine

For some reason my mac ISO stopped working and now every time I start Yarn doesn’t install apparently due to a problem with the certificate. It is curious that the other builds with Linux do work well.

This is the problem

install.yarn
Installing yarn
0.17s$ curl -o- -L https://yarnpkg.com/install.sh | bash
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

This is my config file

language: node_js

node_js:
  - '14.15.1'

# Always run two parallel builds: one on mac and one on linux
# the linux build will use wine to be able to build windows and
# linux apps
matrix:
  include:
    - os: osx
      osx_image: xcode10.2
      language: node_js
      node_js: "14.15.1"
      env:
          - ELECTRON_CACHE=$HOME/.cache/electron
          - ELECTRON_BUILDER_CACHE=$HOME/.cache/electron-builder
      deploy:
        - provider: script
          script: bash deploy.travis.sh
          skip_cleanup: true
          on:
            branch: main
    - os: linux
      dist: xenial
      deploy:
        - provider: script
          script: bash deploy.travis.sh
          skip_cleanup: true
          on:
            branch: main
    - os: linux
      dist: xenial
      deploy:
        - provider: script
          script: docker run --rm -e GH_TOKEN -v "${PWD}":/project -v ~/.cache/electron:/root/.cache/electron -v ~/.cache/electron-builder:/root/.cache/electron-builder electronuserland/builder:wine /bin/bash -c "yarn electron:build --linux deb rpm --win nsis -p always"
          skip_cleanup: true
          on:
            branch: main

notifications:
  email: false

cache:
  yarn: true
  directories:
    - node_modules
    - $HOME/.cache/electron
    - $HOME/.cache/electron-builder

# add git lfs for large file support
before_install:
  - |
    if [ "$TRAVIS_OS_NAME" == "osx" ]; then
      mkdir -p /tmp/git-lfs && curl -L https://github.com/github/git-lfs/releases/download/v2.3.1/git-lfs-$([ "$TRAVIS_OS_NAME" == "linux" ] && echo "linux" || echo "darwin")-amd64-2.3.1.tar.gz | tar -xz -C /tmp/git-lfs --strip-components 1
      export PATH="/tmp/git-lfs:$PATH"
    fi
before_script:
  - git lfs pull

script:
  - |
    if [ "$TRAVIS_OS_NAME" == "linux" ]; then
      docker run --rm \
        -v ${PWD}:/project \
        -v ~/.cache/electron:/root/.cache/electron \
        -v ~/.cache/electron-builder:/root/.cache/electron-builder \
        electronuserland/builder:wine \
        /bin/bash -c "yarn --link-duplicates --pure-lockfile && yarn test"
    else
      yarn test
    fi

before_cache:
  - rm -rf $HOME/.cache/electron-builder/wine

branches:
  only:
    - main

Hey @merodriguez9112,

Are you sure this isn’t a (transient) download issue. Somebody’s cert was expired. Is this still happening?

This is happening since yesterday, I have tried several things, I changed the name of the repository, I tried other things in the configuration file like doing the download with -k to ignore the certificate but neither. Let try again but until about 1 hours ago it was happening.

still with the same problem :frowning_face:

Worker information

Build system information

ssh_key
Installing SSH key from: default repository key
Using /Users/travis/.netrc to clone repository.
git.checkout
$ git clone --depth=50 --branch=master https://github.com/merodriguez9112/w2doBuild.git merodriguez9112/w2doBuild
Setting environment variables from repository settings
$ export GH_TOKEN=[secure]
Setting environment variables from .travis.yml
$ export ELECTRON_CACHE=$HOME/.cache/electron
$ export ELECTRON_BUILDER_CACHE=$HOME/.cache/electron-builder
nvm.install
$ nvm install 14.15.1
install.yarn
Installing yarn
$ curl -o- -L https://yarnpkg.com/install.sh | bash
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

I will be investigating this further, will get back to you as soon as possible.

1 Like

thanks, I keep making changes in the configuration file to see if I can achieve something.

I really appreciate it @merodriguez9112, I’ll also be making an internal ticket.

2 Likes