I'm using OpenUri to read a JSON file from a HTTPS server. It was working fine a couple of days ago but this morning I got:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
The server presented a certificate that could not be verified:
error code 20: unable to get local issuer certificate
I think the server just renewed its SSL certificate so I'm wondering if that's related? Otherwise has my system lost its root certs?
I'm running Mac OS 10.11.2, Ruby 2.3.0 and OpenSSL 1.0.2e, installed with Homebrew and I use RVM.
The server is kimonolabs.com
The server does not sent the intermediate certificates which are needed to built the trust chain. Thus validation fails. Browsers in these cases often use cached intermediate certificates from earlier connection to other sites or try to download the missing certificates from the web. But other clients don't do this and thus the validation fails.
See also the report from SSLLabs:
This server's certificate chain is incomplete. Grade capped to B.
Thus, the problem needs to be fixed at the server side.