SSL_connect 返回=1 errno=0 状态=错误：在 ruby​​ 和 Ubuntu 14.04 中证书验证失败

Question

我有一个与第三方网络服务集成的 Rails 应用程序。自最初开发以来，它多年来一直运行良好。由于某种意想不到的原因，它突然停止工作了。我想说我们还没有改变代码中的任何内容。唯一可以与之相关的是我们的 Letscrypt SSL 证书已过期并且我们更新了它。

\n

事实是 I\xc2\xb4m 在调用 Web 服务请求时收到此错误：

\n

E, [2022-02-17T19:53:25.385435 #32501] ERROR -- : SSL_connect returned=1 errno=0 state=error: certificate verify failed\nE, [2022-02-17T19:53:25.385876 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi/adapter/httpclient.rb:28:in `rescue in request\'\nE, [2022-02-17T19:53:25.386103 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi/adapter/httpclient.rb:24:in `request\'\nE, [2022-02-17T19:53:25.386358 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi.rb:161:in `request\'\nE, [2022-02-17T19:53:25.386658 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/httpi-2.4.4/lib/httpi.rb:127:in `get\'\nE, [2022-02-17T19:53:25.386909 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:43:in `load_from_remote\'\nE, [2022-02-17T19:53:25.387150 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/resolver.rb:33:in `resolve\'\nE, [2022-02-17T19:53:25.387349 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:142:in `xml\'\nE, [2022-02-17T19:53:25.387606 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:160:in `parse\'\nE, [2022-02-17T19:53:25.387887 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:147:in `parser\'\nE, [2022-02-17T19:53:25.388162 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/wasabi-3.5.0/lib/wasabi/document.rb:64:in `soap_actions\'\nE, [2022-02-17T19:53:25.388432 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/operation.rb:22:in `ensure_exists!\'\nE, [2022-02-17T19:53:25.388696 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/operation.rb:15:in `create\'\nE, [2022-02-17T19:53:25.388955 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/client.rb:32:in `operation\'\nE, [2022-02-17T19:53:25.389214 #32501] ERROR -- : /Users/Rober/.rvm/gems/ruby-2.4.9/gems/savon-2.12.0/lib/savon/client.rb:36:in `call\'\n

\n

我\xc2\xb4m 对证书一点也不熟练。所以，我找到了这篇文章：SSL_connect returned=1 errno=0 state=SSLv3 read servercertificate B:certificate verify failed基本上 I\xc2\xb4m 尝试了我看到的几乎所有内容，但没有任何效果。

\n

生产环境正在运行 AWS EC2 实例Ubuntu 14.04.6 LTS (GNU/Linux 3.13.0-36-generic x86_64)。

\n

根据我读到的内容，它可能与 ruby​​ 中的 SSL 库有关。这是有道理的，因为我注意到当我使用 ruby​​ 在我的 web 应用程序中请求时，我\xc2\xb4m 收到此错误，但是如果我使用curl 请求，就像curl --header "Content-Type: text/xml;charset=UTF-8" --data @request.xml https://www.booking-manager.com/cbm_web_service2/services/CBM我得到了成功的数据响应。

\n

关于我的红宝石环境：

\n

rvm info\n\nruby-2.4.9:\n\n  system:\n    uname:        "Linux ip-172-31-20-213 3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux"\n    name:         "Ubuntu"\n    version:      "14.04"\n    architecture: "x86_64"\n    bash:         "/bin/bash => GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)"\n    zsh:          " => not installed"\n    remote_path:  "ubuntu/14.04/x86_64"\n\n  rvm:\n    version:      "1.29.12 (manual)"\n    updated:      "2 months 20 days 19 hours 54 minutes 44 seconds ago"\n    path:         "/usr/share/rvm"\n    autolibs:     "[4] Allow RVM to use package manager if found, install missing dependencies, install package manager (only OS X)."\n\n  ruby:\n    interpreter:  "ruby"\n    version:      "2.4.9p362"\n    date:         "2019-10-02"\n    platform:     "x86_64-linux"\n    patchlevel:   "2019-10-02 revision 67824"\n    full_version: "ruby 2.4.9p362 (2019-10-02 revision 67824) [x86_64-linux]"\n\n  homes:\n    gem:          "/home/ubuntu/.rvm/gems/ruby-2.4.9"\n    ruby:         "/usr/share/rvm/rubies/ruby-2.4.9"\n\n  binaries:\n    ruby:         "/usr/share/rvm/rubies/ruby-2.4.9/bin/ruby"\n    irb:          "/usr/share/rvm/rubies/ruby-2.4.9/bin/irb"\n    gem:          "/usr/share/rvm/rubies/ruby-2.4.9/bin/gem"\n    rake:         "/home/ubuntu/.rvm/gems/ruby-2.4.9/bin/rake"\n\n  environment:\n    PATH:         "/home/ubuntu/.rvm/gems/ruby-2.4.9/bin:/home/ubuntu/.rvm/gems/ruby-2.4.9@global/bin:/usr/share/rvm/rubies/ruby-2.4.9/bin:/usr/share/rvm/bin:/home/ubuntu/.rbenv/plugins/ruby-build/bin:/home/ubuntu/.rbenv/shims:/home/ubuntu/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"\n    GEM_HOME:     "/home/ubuntu/.rvm/gems/ruby-2.4.9"\n    GEM_PATH:     "/home/ubuntu/.rvm/gems/ruby-2.4.9:/home/ubuntu/.rvm/gems/ruby-2.4.9@global"\n    MY_RUBY_HOME: "/usr/share/rvm/rubies/ruby-2.4.9"\n    IRBRC:        "/usr/share/rvm/rubies/ruby-2.4.9/.irbrc"\n    RUBYOPT:      ""\n    gemset:       ""\n

\n

我的 web 应用程序在 nginx 前端下运行，向在 Puma 下运行的 ruby​​ on Rails 发送请求。我的美洲狮版本：

\n

puma -v\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/puma_http11.so: [BUG] Segmentation fault at 0x00000000000640\n    ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]\n    \n    -- Control frame information -----------------------------------------------\n    c:0022 p:-17524110008176 s:0109 e:000108 TOP    [FINISH]\n    c:0021 p:---- s:0107 e:000106 CFUNC  :require\n    c:0020 p:0115 s:0103 e:000102 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0019 p:0087 s:0093 e:000092 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/server.rb:15 [FINISH]\n    c:0018 p:---- s:0091 e:000090 CFUNC  :require\n    c:0017 p:0115 s:0087 e:000086 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0016 p:0007 s:0077 e:000076 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/runner.rb:3 [FINISH]\n    c:0015 p:---- s:0075 e:000074 CFUNC  :require\n    c:0014 p:0115 s:0071 e:000070 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0013 p:0007 s:0061 e:000060 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cluster.rb:3 [FINISH]\n    c:0012 p:---- s:0059 e:000058 CFUNC  :require\n    c:0011 p:0115 s:0055 e:000054 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0010 p:0023 s:0045 e:000044 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/launcher.rb:5 [FINISH]\n    c:0009 p:---- s:0043 e:000042 CFUNC  :require\n    c:0008 p:0115 s:0039 e:000038 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0007 p:0039 s:0029 e:000028 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cli.rb:8 [FINISH]\n    c:0006 p:---- s:0027 e:000026 CFUNC  :require\n    c:0005 p:0115 s:0023 e:000022 METHOD /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55\n    c:0004 p:0007 s:0013 e:000012 TOP    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/bin/puma:6 [FINISH]\n    c:0003 p:---- s:0010 e:000009 CFUNC  :load\n    c:0002 p:0135 s:0006 E:001c18 EVAL   /home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23 [FINISH]\n    c:0001 p:0000 s:0002 E:0019f8 TOP    [FINISH]\n    \n    -- Ruby level backtrace information ----------------------------------------\n    /home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23:in `<main>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/bin/puma:23:in `load\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/bin/puma:6:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cli.rb:8:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/launcher.rb:5:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/cluster.rb:3:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/runner.rb:3:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rvm/gems/ruby-2.4.9/gems/puma-4.3.0/lib/puma/server.rb:15:in `<top (required)>\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n    /home/ubuntu/.rbenv/versions/2.1.2/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require\'\n...\n    \n    [NOTE]\n    You may have encountered a bug in the Ruby interpreter or extension libraries.\n    Bug reports are welcome.\n    For details: http://www.ruby-lang.org/bugreport.html\n    \n    Aborted (core dumped)\n

\n

I\xc2\xb4m 尝试连接到第三方 Web 服务：

\n

client = Savon.client(wsdl: "https://www.booking-manager.com/cbm_web_service2/services/CBM", \n                              #log_level: :info,\n                              log_level: :debug,\n                              log: true,\n                              pretty_print_xml: true,\n                              open_timeout: 300, \n                              read_timeout: 300)\nmessage = {\'in0\' => Yanpy::MMK_USER_ID, \n               \'in1\' => Yanpy::MMK_USERNAME, \n               \'in2\' => Yanpy::MMK_PASSWORD}\n    response = client.call(:get_regions, message: message)\n

\n

更新\n根据下面@jangaraj提供的答案，我可以修复开发环境中的问题：Error Certificate verify failed (certificate has expired)): in Mac OSX 11.6.1 and ruby​​ 3.0.3。但是，我仍然无法解决生产中的问题。我认为造成这种情况的根本原因是，在使用正确的 ca 证书文件更新我的 Web 服务请求之前，我需要清楚该文件在哪里以及它\xc2\xb4s 是否正常工作。\n为此，再次根据我在另一篇开发文章中遵循的步骤，我运行：

\n

openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443\n

\n

我可以按照https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/970中的步骤调试和修复 ca-certificates 配置但是，目前这对我不起作用。\n我看到一些混乱的 ca-certs 文件夹和文件，可能来自不同的安装？我尝试解释一下：

\n

\n
• /usr/share/ca-certificates/mozilla ：我有一个 .crt 文件列表。DST_Root_CA_X3.crt 已删除，ISRG_Root_X1.crt 存在。
\n
• /etc/ca-certificates/update.d 为空。
\n
• /etc/ca-certificates.conf 包含 ca 证书列表。我可以看到 #mozilla/DST_Root_CA_X3.crt 已注释，并且 mozilla/ISRG_Root_X1.crt 可用。
\n
• 上一个文件提到 ca-certs 安装在 /etc/ssl/certs 中，我可以在其中看到上面 /usr/share/ca-certificates/mozilla 文件夹的 simlinks 列表。请注意，有一个指向 DST_Root_CA_X3.crt 的文件/链接已被删除。另一方面，我可以看到：
\n

\n

\n
1. ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
\n
2. 4042bcee.0 -> ISRG_Root_X1.pem
\n
3. 6187b673.0 -> ISRG_Root_X1.pem
\n

\n

\n

• 但除此之外，在 /etc/ssl/certs 中我还可以看到 ca-certificates.crt ，其中包含以下格式的证书列表：

  \n

  -----开始证书-----\n...\n-----结束证书-----

  \n
\n

• /usr/lib/ssl/certs 似乎具有与 /etc/ssl/certs 相同的证书。

  \n
\n

\n

事实是，当我运行时，openssl s_client -showcerts -host valid-isrgrootx1.letsencrypt.org -port 443我仍然收到下一个错误：

\n

CONNECTED(00000003)\ndepth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1\nverify error:num=20:unable to get local issuer certificate\nverify return:0\n---\nCertificate chain\n 0 s:/CN=origin.letsencrypt.org\n   i:/C=US/O=Let\'s Encrypt/CN=R3\n-----BEGIN CERTIFICATE-----\nMIIFMTCCBBmgAwIBAgISAz+qxNSV9WDWFPKhpVo1EzpqMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjAyMjMxNTAwMjFaFw0yMjA1MjQxNTAwMjBaMCExHzAdBgNVBAMT\nFm9yaWdpbi5sZXRzZW5jcnlwdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCZbsEvIzZDb5R7A/pDm4EYksNEMlQEo5uJT+CFA29bb8ldJAcsqdOj\nFge72dr2qWcowC2azODBuS0fE0nMKpt09r+DX/k3HeF2Z9v/HW/B3ManDgpo7FfT\nF6m7zyfEowVPK82hm1aruBlBJAcMZrwOvQIfeiOG6hxkH+ScHmoiiVAlWt1v9wKK\ntgELlhn5OJkGklVX8xPY+2UlEWaSqoyPmiYnAE+tk4vi6kcAYgpcTOUOrsLnVgAW\niy3ShTAlM8AfGnRYV5dkdzSafRmbi2bJXhoINwi2NDKboZHZY88Au8PNZlA32XBo\nE8RBI/bVaK5/rWjN0IJffvv+N5C4kSWLAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8E\nBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC\nMAAwHQYDVR0OBBYEFLIea0+W5J3EbMku+rkQSL92smpuMB8GA1UdIwQYMBaAFBQu\nsxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV\naHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s\nZW5jci5vcmcvMCEGA1UdEQQaMBiCFm9yaWdpbi5sZXRzZW5jcnlwdC5vcmcwTAYD\nVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa\naHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx\nAO8AdQDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAX8nT+NHAAAE\nAwBGMEQCIH1xywyRde3OwoG0RZQW0xfXFEfnd5IFDuSEWHmaxaJEAiAmqTVJrTo1\nycmg1DUrlp087WgXdE8RleCkwWLiiCI0gAB2ACl5vvCeOTkh8FZzn2Old+W+V32c\nYAr4+U1dJlwlXceEAAABfydP478AAAQDAEcwRQIgI65GyXpBqx6zYOVRu6jBNVNa\nyXR//Rvfih5E6oR8or0CIQD+GA9xLWfIsexfPpqczQgxlKrHHU7Jm9635VjotOJG\nwTANBgkqhkiG9w0BAQsFAAOCAQEAgUSK3HvXnKsR+WqNSmJvcXPzEZaTTp1sq4++\nzRK6sZ1TJsJQq00aPX1625fSOYNQa0vYDFahfEeXMQ9IceOQJ+HE7NZYgnjnKb3u\n96fhRyGBpPEY3szbtJQWk8oDQgFk3u7FS+AnxyXP88ypiC4iDk16Ab9Nip+8sz6t\nJOzo3KvVlucviS8K4vJemz6WyH8Ux7KX3r/IvPFj7Cx2aBAx6QM7lXWXgo6PHS/r\neo+KjKo0YWZfdXm7oD7VpOlPNr4W7kAuKidmPSwOPB7RGJ/OKfbGiFCVt8Yy9cyp\nhMYLmYJ9qZtxKFGi2kR7Cl/0LuXaBNy4SximhxPUWXQZhoNL3A==\n-----END CERTIFICATE-----\n 1 s:/C=US/O=Let\'s Encrypt/CN=R3\n   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1\n   i:/O=Digital Signature Trust Co./CN=DST Root CA X3\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n---\nServer certificate\nsubject=/CN=origin.letsencrypt.org\nissuer=/C=US/O=Let\'s Encrypt/CN=R3\n---\nNo client certificate CA names sent\n---\nSSL handshake has read 4700 bytes and written 421 bytes\n---\nNew, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256\nServer public key is 2048 bit\nSecure Renegotiation IS supported\nCompression: NONE\nExpansion: NONE\nSSL-Session:\n    Protocol  : TLSv1.2\n    Cipher    : ECDHE-RSA-AES128-GCM-SHA256\n    Session-ID: 1DA772568CC98B40026497CB0013ABD22F5F2D9142370B99017A3C84EAEBC0BD\n    Session-ID-ctx: \n    Master-Key: C0324E0CDC2FEA59C3A921E1CDCBED19DD7EF2D4785B4BC8208B18934E1E8FA646692F3AAB956CFA2646015AEB3A6AAB\n    Key-Arg   : None\n    PSK identity: None\n    PSK identity hint: None\n    SRP username: None\n    TLS session ticket lifetime hint: 86400 (seconds)\n    TLS session ticket:\n    0000 - a7 64 6c 88 3c 76 89 cf-37 95 cd b6 5f 84 c3 71   .dl.<v..7..._..q\n    0010 - de ca 95 74 f3 f8 9f 08-eb bc e7 be a5 63 ca e4   ...t.........c..\n    0020 - 1e 80 c9 a6 a7 bd fe 9e-a0 ae f7 f1 64 74 b3 ff   ............dt..\n    0030 - e2 8d 1e 2a 51 0a 5a f5-77 6d 86 b6 87 28 a1 2a   ...*Q.Z.wm...(.*\n    0040 - e0 ff 79 d8 d5 89 52 99-a7 50 ca 35 62 30 97 f9   ..y...R..P.5b0..\n    0050 - 24 57 b3 e5 87 4a 60 04-c2 e9 45 c7 47 cd b9 a9   $W...J`...E.G...\n    0060 - b2 d5 f9 82 05 f6 98 5f-54 4a 5e 4a f5 06 66 

    

Answer 1

您似乎正在使用 Ubuntu 14 和 Savon 2 客户端。Savon 2 客户端文档：https://www.savonrb.com/version2/globals.html

ssl_ca_cert_文件

设置要使用的 SSL ca 证书文件。

Savon.client（ssl_ca_cert_file：“lib / ca_cert.pem”）

我想明确ssl_ca_cert_file指出/etc/ssl/certs/ca-certificates.crt。

要确保您的操作系统具有有效的 CA 证书：

apt-get update -y
apt --only-upgrade install -y ca-certificates
update-ca-certificates

Ruby 使用的旧 OpenSSL 版本也可能存在问题。