@ttakuru88

Cannot run bundle install because the rails-assets SSL certificate has expired

More than 1 year has passed since last update.

It seems the SSL certificate for rails-assets.com has expired again.
Because of that, bundle install could not run and deploys to Heroku were failing.

       Fetching source index from https://rails-assets.org/

       Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most
       likely your system doesn't have the CA certificates needed for verification. For
       information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect
       without using SSL, edit your Gemfile sources and change 'https' to 'http'.

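People have said for a long time that relying on rails-assets is a bad idea, and in 2016 the SSL certificate expiry problem even became a talking point, so I expect many people are thinking "What, you're still relying on rails-assets at this point?" Still, I imagine some older projects are using it.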

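Solution

Set the environment variable BUNDLE_SSL_VERIFY_MODE to 0.
This also works on Heroku.

Naturally, this is insecure, so I don't recommend it.
I don't recommend it!
Don't use this setting in production!?

Get away from rails-assets as soon as you can.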
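
To keep this workaround from lingering in a project, here is an added example (not code from the original post) of a check that flags BUNDLE_SSL_VERIFY_MODE=0 in the environment or in .bundle/config, and the `http://` source change suggested by the error message above. The function name, the sample inputs and the gem name are constructed for illustration.

```ruby
require "yaml"

# Added example. Flags the two workarounds that weaken TLS for gem sources:
# BUNDLE_SSL_VERIFY_MODE=0 (0 is OpenSSL::SSL::VERIFY_NONE) and http:// sources.
def audit_bundler_tls(env:, bundle_config_yaml:, gemfile:)
  findings = []

  if env["BUNDLE_SSL_VERIFY_MODE"].to_s.strip == "0"
    findings << "env: BUNDLE_SSL_VERIFY_MODE=0 (certificate verification off)"
  end

  # .bundle/config is YAML; `bundle config` stores the same key name there.
  config = YAML.safe_load(bundle_config_yaml.to_s)
  config = {} unless config.is_a?(Hash)
  if config["BUNDLE_SSL_VERIFY_MODE"].to_s.strip == "0"
    findings << "config: BUNDLE_SSL_VERIFY_MODE=0 (certificate verification off)"
  end

  # Matches `source "http://..."`, `source("http://...")` and `source: "http://..."`.
  gemfile.each_line.with_index(1) do |line, lineno|
    code = line.sub(/#.*/, "") # ignore comments
    code.scan(/\bsource[\s(:]+["'](http:\/\/[^"']+)["']/) do |(url)|
      findings << "Gemfile:#{lineno}: plaintext source #{url}"
    end
  end

  findings
end

# Constructed sample inputs (not taken from a real project).
SAMPLE_ENV = { "BUNDLE_SSL_VERIFY_MODE" => "0" }.freeze
SAMPLE_CONFIG = %(---\nBUNDLE_SSL_VERIFY_MODE: "0"\n)
SAMPLE_GEMFILE = <<~GEMFILE
  source 'https://rubygems.org'
  source 'http://rails-assets.org' do
    gem 'rails-assets-example'   # hypothetical gem name
  end
GEMFILE

puts audit_bundler_tls(env: SAMPLE_ENV, bundle_config_yaml: SAMPLE_CONFIG,
                       gemfile: SAMPLE_GEMFILE)
```

In CI, call it with `ENV.to_h`, the contents of `.bundle/config` and the `Gemfile`, and fail the build when the returned list is not empty.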

ttakuru88
Ruby on Rails. Develops docbase.io at work and uwaoe.net as a hobby.
