[Git] 連線 Git 伺服器失敗,出現 Peer’s certificate issuer has been marked as not trusted 錯誤
今天 Jenkins 上的 git 指令突然失敗了,
無法從遠端 Git server 拉下東西來,錯誤訊息是
Peer’s certificate issuer has been marked as not trusted by the user:
12:42:00 > git fetch --tags --progress https://adc.github.test.com/TestProject +refs/heads/*:refs/remotes/origin/* # timeout=10 12:42:00 ERROR: Error fetching remote repo 'origin' 12:42:00 hudson.plugins.git.GitException: Failed to fetch from https://adc.github.test.com/TestProject 12:42:00 at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:909) 12:42:00 at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1131) 12:42:00 at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1167) 12:42:00 at org.jenkinsci.plugins.multiplescms.MultiSCM.checkout(MultiSCM.java:143) 12:42:00 at hudson.scm.SCM.checkout(SCM.java:505) 12:42:00 at hudson.model.AbstractProject.checkout(AbstractProject.java:1205) 12:42:00 at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) 12:42:00 at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) 12:42:00 at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) 12:42:00 at hudson.model.Run.execute(Run.java:1853) 12:42:00 at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 12:42:00 at hudson.model.ResourceController.execute(ResourceController.java:97) 12:42:00 at hudson.model.Executor.run(Executor.java:427) 12:42:00 Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress https://adc.github.test.com/TestProject +refs/heads/*:refs/remotes/origin/*" returned status code 128: 12:42:00 stdout: 12:42:00 stderr: fatal: unable to access 'https://adc.github.test.com/TestProject/': Peer's certificate issuer has been marked as not trusted by the user.12:42:00 > git fetch --tags --progress https://adc.github.test.com/TestProject +refs/heads/*:refs/remotes/origin/* # timeout=10
奇怪的是我本機去同一台 Git server 上抓檔案,就沒有問題…
試著在 Jenkins 那台上用 curl 去連 Git server 網站,
出現一樣的錯誤訊息,但從 curl 這邊來看,
可以猜測應該是 Git server 端的 HTTPS certificate 不被信任:
jenkinsbuild@localhost ~/workspace $ curl -L -v https://adc.github.test.com * About to connect() to adc.github.test.com port 443 (#0) ... * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=adc.github.test.com,O=Test Inc.,L=Irving,ST=Texas,C=US * start date: Apr 20 11:48:14 2020 GMT * expire date: Apr 19 12:18:13 2022 GMT * common name: adc.github.test.com * issuer: CN=Entrust Certification Authority - L1K,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US * NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER) * Peer's certificate issuer has been marked as not trusted by the user. * Closing connection 0 curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
問了一下 Git server 管理員,
差不多也是我們 Jenkins 發生問題前,他們剛剛更新了 HTTPS certificate,
所以可以假設他們可能換了一家 CA,
而這 CA 沒有在 Jenkins 機器的預設信任清單裡面,
但可能有在我的機器信任清單裡面,所以我的才沒有問題…
要解決這個問題,一個是將新的 HTTPS certificate 加入信任清單,
另一個簡單的方法,就是關閉 git 的 HTTPS 驗證功能:
git config --global http.sslVerify false
當然關閉這 HTTPS 驗證不是長久之計,
但短時間是可以暫時頂一下…
參考資料:[Solved] Git/Github Peer’s certificate issuer has been marked as not trusted by the user
(本頁面已被瀏覽過 2,717 次)