PRODU


Nix problem with the ssl ca cert

Nix problem with the ssl ca cert. 6 with TLS. Update CA certificate. narinfo': Problem with the SSL CA cert (path? access rights?) (77) Every other package also has this same issue. 16-4. in my container CI. 3-2. zolodev pushed a commit to zolodev/nix that referenced this issue on Jan 1. 2 - nix-channel --update failed as nix-prefetch-url reported 'Problem with the SSL CA cert'. some of the full CAs on your browser sell 'sub-CA' certificates to other entities. That said, while that’s better style, I don’t think it will fix the problem you’re looking at, unless bundling with an already bundled bundle Mac OS multi-user installations are currently broken because all requests made by nix-daemon to the binary cache fail with: ``` unable to download Problem with the SSL CA cert (path? access rights?) (77). 14 do not seem to honor NIX_SSL_CERT_FILE environment variable. ``` This change ensures that the nix-daemon knows where to find the SSL CA cert file. Feb 11, 2023 · Describe the bug Company has added ZScaler vpn, and so my nix-darwin home-manager set up began to fail with SSL peer certificate or SSH remote key was not OK when calling cache. Jan 17, 2014 · Long answer. json as well as a copy of the install binary at /nix/nix-installer; nix-channel --update is not run, ~/. As part of that process, I install a self-signed ssl certificate via. pem Mar 26, 2023 · Nix and the installer don't touch your Mac's curl or ca-certificates in any way. 13 and 2. Looking at strace nitter, I discovered the application was looking explicitly for the libssl library: Apr 26, 2018 · 2. install, ssl, ca, cert, linux, web, app MATLAB Compiler Jun 5, 2020 · While the information about the certificate chain and how it works is very useful in general, your answer cannot include the solution. Continue of discussion from #80698 Example error: Discord: [WebContents] did-fail-load -202 ERR_CERT_AUTHORITY_INVALID retry in 20000 ms Steam: [0312/163655. If you are using RHEL/CentOS, try yum reinstall openssl ca-certificates -y. noarch'. certificates = [ /root/cert ]; to my /etc/nixos/configuration. I got things working (after wrangling with permissions), but when I connect to the server with: Oct 17, 2019 · In this case I think the installed systemd unit file for nix-daemon. Oct 10, 2019 · $ /usr/bin/openssl s_client -connect cache. Note: Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. 04) with three steps: (1) reset the ssl verification to be true: (2) reinstall ca-certificates: (3) modify the . Show you what we are going to install and where. 1. You might have to disable the certificate verification in your case: cd /path/to/repo. . I did what you suggest here - without the rm -f step - and the problem was resolved. g. 6, behind http_proxy. Usual proxy variables and CURL_NIX_FLAGS are set. Since I no longer have access to the original Apr 17, 2023 · I don’t really grok what’s going on, but I’ve seen a number of issues that sound ~related recently, including: nix-shell doesn't seem to respect NIX_SSL_CERT_FILE · Issue #7914 · NixOS/nix · GitHub Nix installer 2. crt, a concatenated single-file list of certificates. Dec 19, 2018 · Problem with the SSL CA Cert ( path?accessright?) PLS see the image below What is wrong? I can not disable more firewalls or antivirus. If you don't specify a NIX_SSL_CERT_FILE manually, Nix will install and use its own certificate bundle. Apr 23, 2021 · Suppose I am at network where there is MITM SSL swaping firewall (google. This doesn't mean the certificate is suspicious, but it could be self-signed or signed by an institution/company that isn't in the list of your OS's list of CAs. Set the environment variable Feb 5, 2024 · Adding the following data point, when exclusively on mobile data connection I can reliably run a command like the next, but as soon as wifi (over home router) comes into play, I get the ssl errors again: Feb 11, 2018 · You can't directly access nixos attributes from within nixpkgs. (cherry picked from commit b7c0223 ) Sep 2, 2015 · I have a nix expression that builds a virtualbox vm. Git and SSL do not work in nix-shell NixOS/nixpkgs#64212. Upgrading Nix 1. Oct 18, 2022 · Thanks to the comments on the question, I discovered some things. 5. I'm using a recently updated macOS Nix installation with Nix-installed version o Nov 14, 2004 · If you need to specify a custom certificate bundle to account for an HTTPS-intercepting man in the middle proxy, you must specify the path to the certificate bundle in the environment variable NIX_SSL_CERT_FILE. It’s gotten a bit less acute since building this particular app from source in a nix flutter shell works well, but I cannot get the binary to run on my NixOS system if it’s built somewhere else, e. # cd /etc/postfix/ssl. theos. 2. ]; Otherwise you won’t be able to build your system reproducibly. Fixes #2899 and #3261. Products & Services. Running nix-channel --update failed with the following message: nix-channel --update. /certificate. pem only on your local, not to the concatenated version. Review the question and see that conda1. Reload to refresh your session. yml:. com Fri Feb 19 23:28:37 CET 2016. As long as you have the ca-certificates Feb 11, 2023 · If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). However, the ESP8266 also needs to validate the date of the certificate, and it needs an accurate Feb 1, 2015 · 26. -connect jsonplaceholder. pem" extension) and run update-ca-certificates; Ubuntu: Copy the certificate into /usr/share/ca-certificates/extra (with ". sslVerify false. pki. If this certificate is present in the chain during the handshake, it will be added to the certificate_authorities list and the handshake will continue normaly. The org. My host OS is Windows, and the devcontainer was Ubuntu. Mar 2, 2023 · error: unable to download 'https://cache. setTrustAnchors(new BearSSL::X509List(rootCACertificate));. Yes, I did briefly look at wrapProgram, but I think I have only four apps that may run nix stuff, but a lot more than four things that will be run from these, so now I have set NIX_SSL_CERT_FILE for all of these. com probably gets a lot of what you'd want as a spy. Apr 19, 2019 · curl: (77) Problem with the SSL CA cert (path? access rights?) I added an SSL certificate and changed it accordingly as shown above from "http" to "https" I expected that was going to work latest version of plesk operating system centOS. service configuration to include my cert file in its environment. Type the command to create a SSL CSR for a mail server called smtp. For whatever reason, inside a Dockerfile, these ENV variables need to be the concatenated. 14. The fact that you are getting them suggests to me that your computer may be experiencing adverse networking conditions unrelated to Nix. Asking for help, clarification, or responding to other answers. 0. net verify return:1 Jun 22, 2023 · Verified that nix is using specified cabundle: nix --extra-experimental-features nix-command show-config | grep ssl returns ssl-cert-file = /etc/pki/tls/cert. crt" extension) and run the command dpkg-reconfigure ca-certificates; AIX: Copy the certificate into /var/ssl/certs; HP-UX: Copy the certificate into /opt/openssl/certs; Solaris Jul 12, 2007 · Step # 1: Generating a CSR and private key for Postfix SMTP. I’m trying to run docker (or podman) in a nixos container and wondering if someone achieved that. org:443 CONNECTED(00000003) depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA verify return:1 depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2 verify return:1 depth=0 C = US, ST = California, L = San Francisco, O = " Fastly, Inc. crt from nixpkgs is the last location tried, so on most systems, installing this bundle will have no effect on trusted certificate authorities. I’m curious if there Aug 2, 2023 · We coincidentally had an installer workgroup meeting this morning and I asked about this. In NixOS's configuration. Prepar3d went flawless with activation. Copy the certificate into /etc/ssl/certs (with ". com is not issued by Google, but reissued by custom CA root authority) some more details here https://security. Repo rhel-7-server-rpms forced skip_if_unavailable=True due Oct 20, 2022 · sudo yum reinstall ca-certificates This should fix your /etc/pki/tls folder. Put this at the top of your . To get the fingerprint from a CA certificate on a Unix-like system, you can use the following command, where ca. Apr 10, 2016 · Issue description. narinfo': Problem with the SSL CA cert (path? access rights?) (77) However, if I try this it seems to work. Nix sandbox causes build to fail ttytm/wthrr-the-weathercrab#115. crt (because we use external certificates and i didn't realise it was needed) . Create the system users and groups that the Nix daemon uses to run builds. thank you! Dec 11, 2019 · Problem with the SSL CA cert (path? access rights?) (77). furthermore, don't dismiss the usefulness of issuing a fraudulent single name cert. For now I’m able to run them in a privileged container if I manually remount /sys/fs/cgroup as read-write and I’m able to get docker daemon running in an unprivileged container, though runc fails: docker Jun 12, 2013 · Turns out that the problem was with face that the script was running from a cPanel "email piped to script", so was running as the user, so is was a user problem, but was not affecting the web server at all. git config http. sni. And I’d certainly favor creating a symbolic link in some known location, it’s effectively the same thing; either we search for a CA bundle each time a shell is launched and store the location in an environment variable, or we OPTION 1 Direct curl. For installing nix I used NIX_SSL_CERT_FILE, but needed to kill zscaler in a loop for the basic configuration of darwin with Apr 18, 2023 · The problem was that nix ignored my custom SSL cert file, so I had to edit the nix-deamon. I already tried: reinstalling git (2. It still Mar 14, 2023 · If so, the simplest thing might be to instead hard-code the path to a script that sources the Nix setup first. You can do git config --unset-all http. It can certainly improve purity when we are actually building a package, because in general SSL libraries try to read CA bundles from standard locations so something from them might sneak into the result. Feb 11, 2016 · cb14d3d. However, I'm unsure where exactly I should be storing this certificate. Click through "more information" → "display certificate" → "details" and select each node in the hierarchy beginning with the uppermost one; for each of them click on "Export" and select the PEM format: May 19, 2022 · Please keep in mind that I am a total noob with SSL and certificates! But I need to do an HTTPS request in C in a portable way so I was forced to use libcurl. If you get SSL errors while running the above command, you need to disable SSL verification for yum and try again. fc27) reinstalling ca-certificates (2017. A digital certificate provides: Jun 23, 2020 · security. activate-system service which remains after Nix is uninstalled. security. Related variables are AWS_CA_BUNDLE, SSL_CERT_FILE, and CURL_CA_BUNDLE, though these need to be set to trusted. an https request sent using WinInet. Apr 15, 2021 · [jk@arco nix]$ NP_DEBUG=1 nix-portable nix-build -A container figuring out ssl certs SSL_CERT_FILE not defined. 04 in Docker) the certificate is not trusted: curl: (60) SSL certificate problem: unable to get local issuer certificate I tried update-ca-certificates and even imported the Globalsign Root certificate. Oct 27, 2021 · Step 2. Yum fails with " [ERRNO14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"". CA certificates need to be concatenated in Dec 23, 2018 · The thing is, that Chrome/Mozilla/Edge on Windows trust the site certificate anyway: However, in a Gnu/Linux deployment (Ubuntu 18. Aug 16, 2013 · Syslint ™ Technologies is a technical support and software development company offering enterprise solutions since 2008. cacert. You signed in with another tab or window. certificates = [ certfile ]; That works fine. This occurs because nix-darwin provisions an org. Assignees. This may fix other issues as well. readFile . Mar 21, 2022 · The way security. Closed. Knowledgebase. 227845:ERROR:s Nov 24, 2023 · Step 3 – Create the CA certificate (TLS/SSL) Make a directory named ssl in /etc/mysql/ directory using the mkdir command: $ cd /etc/mysql. 11. csr. There is Aug 2, 2023 · The most relevant is this one Multi-user installation on OSX - SSL cert problem for user, not for root · Issue #2899 · NixOS/nix · GitHub but I am not sure if it is related and the solutions do not work. This feels a bit hacky and not very “Nix-ish”. You signed out in another tab or window. I converted it to . 3. baidu. pem file beginning with "BEGIN CERTIFICATE" and ending with "END CERTIFICATE". cer certificate but it did not work. com:443 </dev/null 2>/dev/null \. The problem is if I want to run a nixos-rebuild to reconfigure the vm. $ sudo mkdir ssl. org. 4. (as in "Git: ignore a self signed certificate") The other option, similar to "Unable to clone Git repository due to self signed certificate" would be to import that certificate into git. pki works is by creating certificate bundles that are linked somewhere in /etc/, then it’s up to the program to use them. With the curl command line tool: --cacert [file] Add the CA cert for your server to the existing default CA certificate store. This is done by adding sslverify=false in /etc/yum. variables: GIT_SSL_NO_VERIFY: "1" Point GitLab-Runner to the proper certificate There are different kinds of resellers. Stack Exchange network consists of 183 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. $ nix profile install nixpkgs#curl error: unable to download 'https://cache. crt in /etc/ssl/certs/ - should I simply append the text of my certificate onto one of these? Or just move the certificate into this directory? Dec 16, 2014 · I have since installed nscd as a workaround, which fixes the problem when building from sources, Right, Nix expects SSL_CERT_FILE or CURL_CA_BUNDLE to be set. I am using Nix on my work computer (macOS, single-user installation). fc27) Mar 17, 2022 · I am using Redis 6. Trusted certificates are often installed or updated via the OS, browsers, or individual packages. Why do I get the "Error: Download process Learn more about matlabwebappserversetup. Nov 1, 2022 · pshirshov November 1, 2022, 4:42pm 1. You switched accounts on another tab or window. Sep 9, 2019 · Surprisingly ca-bundle. key -out smtp. curl or git can’t find a valid CA-bundle (like on ancient systems where the system’s CA bundle doesn’t know about LetsEncrypt), so I additionally pulled in cacert. 0 in a podman container. jeiang mentioned this issue on Apr 16, 2023. Download the certificates (all certificates are included in a single file) Execute the curl command passing the certificateS you want to use. Then you can go ahead and explain why it is a server-side problem, as the server is providing two SSL certificates with full chain, and on top of that it's working fine on non-Windows platforms, that's why this issue is labelled as OS: Windows. $ cd ssl. Previous message: [Nix-dev] Installing CA certificates Next message: [Nix-dev] Installing CA certificates Messages sorted by: Mar 5, 2023 · I am not sure if my next intention is to have project specific flakes with direnv integration, how will this requirement for sudo will work with that not sure and how will NIX_SSL_CERT_FILE work. conf. The basic reason is that your computer doesn't trust the certificate authority that signed the certificate used on the Gitlab server. Tested on Windows 10. Mar 31, 2024 · It hold SSL certificates and generates ca-certificates. Provide details and share your research! But avoid …. Type the update-ca-certificates command: $ sudo update-ca-certificates Be verbose and output openssl rehash by passing the -v option: $ sudo update-ca-certificates -v Outputs: [sudo] password for vivek Mar 7, 2016 · I think that we can skip setting SSL_CERT_FILE if we are in a shell. Sep 29, 2014 · 13. This is the correct way to load your CA certificate into the ESP8266 for it to validate the server's certificate during the SSL handshake. · Issue #7985 · NixOS/nix · GitHub Thanks @domenkozar for helping out. sslCAInfo, which will remove this setting and use the system default. Configure your shell to import special Nix Profile files, so you can use Nix. Jul 30, 2019 · If so, the simplest thing might be to instead hard-code the path to a script that sources the Nix setup first. certfile = builtins. typicode. A HEX encoded SHA-256 of a CA certificate. The default CA certificate store can be changed at compile time with the following configure options: --with-ca-bundle=FILE: use the specified file as the CA certificate store. subca certs can issue a certificate for any name. Mar 12, 2020 · Describe the bug Flatpak app using SSL don't work on NixOS 20. Sep 23, 2010 · In Firefox, go to the GitHub page (any) Click on the GitHub icon on the address bar to display the certificate. sh. Steps to reproduce. pem file (after relevant COPY commands of course) Sep 11, 2019 · If so, the simplest thing might be to instead hard-code the path to a script that sources the Nix setup first. crt is the certificate. Appears to be the same as this issue: Nix run error: Problem with the SSL CA cert but the solution did not work for me. Perform the basic installation of the Nix files daemon. ea8357b. in: # mkdir /etc/postfix/ssl. The developer on the detsys installer thinks this sounds like some reports they have about trouble caused by uninstalling Nix without uninstalling nix-darwin first, and having some of nix-darwin’s artifacts/changes dangling. I have set setenv NIX_SSL_CERT_FILE on launchctl and restarted nix-daemon hoping I wont' have to provide the NIX_SSL_CERT_FILE before the command, but Jun 25, 2020 · I keep running into issues with curl, cargo, git and other commands that fetch data over http(s) in Nix shells. To resolve the issue, you’ll need to restart Apache Jul 25, 2023 · What you should do instead is to use wifiClient. com or facebook. trying to find certs automatically certs seem to reside in /etc/ssl/certs. stackexchange Jul 19, 2023 · Finally I found out the reason. nixos. I’ve had a lot of certificate difficulties because of this, but what I’ve found that works is simply appending my work’s certificate onto the included CA bundle that Nix provides. Otherwise the installation will succeed but any non-root user will not be able to download anything via the daemon due to missing environment unless: SSL_CERT_FILE is Mar 16, 2024 · I too think this is a server-side problem. Not sure why i have to do this yet. /mycert. gitconfig file: In case it helps, I was having this problem when setting up a VS Code devcontainer. I figured this is a similar issue where e. openssl s_client -showcerts \. crt and ca-certificates. There's a problem in portability, as packages don't have to run on nixos, and CA stores are on different locations in different distributions. I don't think there is anything wrong with my system, since 1. a cert for gmail. I noticed there are ca-bundle. org/g8bqlgmpa4yg601w561qy2n576i6g0vh. Fixes #2899 and #3261 . 21162a6-2. # openssl req -new -nodes -keyout smtp. I managed to provide Redis with SSL certificates (full-chain and key certificates) that are issued by ZeroSSL through Acme. Eg: ssl_ca = pkgs. It seems that the SSL settings for my system aren’t inherited, so the certs can’t be verified or aren’t foun&hellip; Jan 13, 2021 · It sounds like one or more of your runners doesn't trust the certificate on your gitlab host. 10 to 1. I could not reliably solve the zscaler proxy. Dec 9, 2022 · No, unfortunately not. conf if the ssl-cert-file argument is used. . Jun 16, 2015 · Stack Exchange Network. Nix 1. I have mailed to support [email protected] but they only tell me to disable my firewalls, which I have done a couple of times. certificateFiles = [. nix you would also have a ssl_ca list option to manage the list of certs available in the store. Red Hat Customer Portal - Access to 24x7 support and knowledge. Jul 26, 2014 · I believe a better solution would be to define a system-wide CA store for NixOS and configure OpenSSL to use the host's CA store by default (also on other systems). The "http" address curl does not give error, but still not working at the other end. First one is for RHEL/Centos like, and second is for Ubuntu like distros. The highest available version is already installed. sudo NIX_SSL_CERT_FILE=/Users/mkodnani/nscacert_combined. People at ArcticDB seem to be running into the same issue here: man-group/ArcticDB#514. crt. Then we will ask if you are ready to continue. zypper up ca-certificates ca-certificates-mozilla Loading repository data Reading installed packages No update candidate for 'ca-certificates-2+git20210309. gitlab-ci. My setup is using flake under darwin. For instance, in the *nix world, the certificates are often available through the ca-certificates package, and the certificates are installed to locations that boost::asio::ssl::context::set_default_verify_paths() will find. /configure && make && sudo make install ). nix-channels is not provisioned; ssl-cert-file is set in /etc/nix/nix. Feb 16, 2017 · fatal: unable to access 'https://repo-url': SSL certificate problem: unable to get local issuer certificate. crt has been installed (matching the guide you linked) and verified valid already. h works perfectly 2. 2 from source ( . I didn't change anything and my /etc/pki directory is almost the same like the one of a friend who's still using F26. pem which is a symlink to tls-ca-bundle. 03. My work has their own custom CA for MITM interception. Again run as root user: update-ca-certificates OR. in. pem. Please see this GitHub issue, that’s where I got that from. pem Mar 26, 2024 · In a real Unix system, including WSL, /bin is only for executable binaries, and would never contain configuration or data files like certificates. Repo rhel-7-server-extras-rpms forced skip_if_unavailable=True due to: %(ca_cert_dir)sredhat-uep. Jan 14, 2018 · 2. After that you should be able to install other packages again. certs - ["china"]). Oct 6, 2014 · For the Clef for WordPress plugin, this is an issue because the secure login handshake happens over an SSL connection with the Clef servers. Jun 23, 2023 · Verified that nix is using specified cabundle: nix --extra-experimental-features nix-command show-config | grep ssl returns ssl-cert-file = /etc/pki/tls/cert. You'll have to track down the root and intermediate certs used to sign your TLS cert, and add it to your runners' hosts. Jan 16, 2015 · I didn't realise that this problem was because I'd deleted ca-bundle. nix. Installing curl may resolve this issue for some environments but a more thorough solution is required. The problem is I’m not sure you can configure openjdk to use an alternative path. Jan 10, 2018 · This code works fine with CentOS, but throw "Problem with the SSL CA cert (path? access rights?)" on debian, the CA file I specified is right and can be read, and when I run curl -v https://www. org/0025zncyzwcmsp3v3z1srs51b7py6psc. 24. Jan 5, 2024 · A certificate authority is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates. Probably you didn't tell it the path to the CA certs and it is using a default path. If you are getting "Problem with the SSL CA cert (path? access rights?)" it may very well mean that you have either deleted everything from /etc/pki/tls/certs/ or have set invalid permissions (CHMOD). Most important is Common Name, in our example it is set to smtp. This app queries a web API on https on a server with a LetsEncrypt certificate. # 1. service should also provide this environment variable: [Service] Environment = "NIX_SSL_CERT_FILE=<value>". You have two options: Ignore SSL verification. Jan 10, 2019 · Hello, I have a problem with multi-user install on CentOS 7. Remove specific software name from header in docs ( NixOS#795) …. matta mentioned this issue on Sep 12, 2022. close(); curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/ssl/certs"); There are two popular formats of storing root certificates. Jul 29, 2021 · Hello all. I used . activate-system service in this state interacts with the newly installed Nix and changes the SSL certificates it uses to be a broken symlink. Nov 13, 2023 · What is the ‘ssl certificate problem unable to get local issuer certificate’ error? The unable to get local issuer certificate is a common issue faced by developers when trying to push, pull, or clone a git repository using Git Bash, a command-line tool specific to Windows. The solution is pretty simple: remove the entry. Our team consists of people that have been mastering their knowledge about all sorts of Unix / Linux systems. 👍. an installation receipt (for uninstalling) is stored at /nix/receipt. Resolving package dependencies Aug 16, 2019 · uri-canva changed the title No SSL certificates on macOS with nix-shell --pure No SSL certificates in nix-shell --pure on Apr 3, 2023. ", CN = e. May 31, 2016 · I tried to install something with Homebrew today (a package that is out of date on Nix) and it failed with the following error: curl: (51) SSL: certificate verification failed (result: 5) Digging into this, it's trying to download a file using curl that, after redirects, ends up fetching a URL like Dec 27, 2023 · yum fails with the following message [Errno 14] curl#77 - "Problem with the SSL CA cert (path? access rights?)" Loaded plugins: product-id, search-disabled-repos, subscription-manager. Artturin removed this from the 23. fastly. pem nix-shell -p nix-info --run "nix-info -m" Feb 1, 2023 · Put the file next to your nixos configuration file and simply include it with: security. I suspect now the problem might be that the cacerts file I had on my machine at the time I installed nix was invalid I installed curl via homebrew and get the same problem when using the cacerts file that nix was pointing to, and I suspect the brew version of curl should work with OpenSSL as it has it as a dependency. I solved this problem (Ubuntu 18. If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. com in terminal, it shows May 20, 2021 · caBundleFile. Remember to delete this line after Dec 10, 2018 · Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question. It is only X-plane that causes this problem. Jan 11, 2022 · If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). 05 milestone on Apr 15, 2023. [Nix-dev] Installing CA certificates Adam Russell adamlr6 at gmail. Jun 17, 2022 · I’m trying to start a flutter app that was built with flutter-3. Some steps succeed, using proxy, step which fails is: I am executing: $ sudo HOME=/root NIX_SSL_CERT_FILE Hello, Do you have root access to this system? If so, could you verify if this system uses EasyApache 3, or EasyApache 4? Also, please post the output from the following command: Aug 4, 2017 · opening a new issue for NixOS/nix#921 (comment) from @xpe, and moved away from NixOS/nix#1501 Original content: I think I might be facing a related problem. The problem here is that libcurl is statically linked into the extension and there are certificates missing or in the wrong path. sn kc dn cg ft du jf bd xs mf