Help us understand the problem. What is going on with this article?

rails-assetsのSSL証明書が期限切れでbundle installできない

More than 1 year has passed since last update.

また rails-assets.com のSSL証明書が期限切れらしい。
そのせいでbundle installができずにherokuへのデプロイが失敗していた。

       Fetching source index from https://rails-assets.org/

       Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
       Could not verify the SSL certificate for https://rails-assets.org/.
       There is a chance you are experiencing a man-in-the-middle attack, but most
       likely your system doesn't have the CA certificates needed for verification. For
       information about OpenSSL certificates, see http://bit.ly/ruby-ssl. To connect
       without using SSL, edit your Gemfile sources and change 'https' to 'http'.

ずっと昔から、rails-assetsに頼るのは良くないとか、2016年にいたってはSSL証明書の期限問題が話題になったこともあり、「えー、今更rails-assetsなんかに頼ってるのー?」って人が多いと思うけど、古いプロジェクトなんかでは使っている場合もあるんじゃないだろうか。

解決方法

環境変数BUNDLE_SSL_VERIFY_MODE0を設定する。
herokuでも有効。

当然、脆弱なのでおすすめしない。
おすすめしないぞ!
本番環境でこの設定を使うんじゃないぞ!?

rails-assetsからは早く逃げよう。

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした