Bottom line: install the intermediate “Entrust Certification Authority - L1K” TLS certificate that this server erroneously doesn’t provide to the local trusted certificates store, as per How to install certificates for command line - Ask Ubuntu
before_install:
- sudo mkdir -p /usr/local/share/ca-certificates/
- wget https://entrust.com/root-certificates/entrust_l1k.cer
- openssl x509 -in entrust_l1k.cer -out entrust_l1k.crt
- sudo mv entrust_l1k.crt /usr/local/share/ca-certificates/
- sudo update-ca-certificates
- rm entrust_l1k.cer
Report the incomplete certificate chain to this server’s admins since this is a TLS protocol violation so that they can fix it.
There’s a clear error message in the log:
SSL certificate problem: unable to get local issuer certificate
You can use the SSL Labs website to check for TLS problems that may fail the connection: SSL Server Test: www.vdh.virginia.gov (Powered by Qualys SSL Labs)
It says, in particular:
This server’s certificate chain is incomplete.
<…>
Extra download Entrust Certification Authority - L1K
So you need to get this missing intermediate certificate into the local trusted store, this way or another.
See Travis CI - Test and Deploy with Confidence for an example of a successful build after it’s installed with the code above.