cURL Certificate Problem - server certificate verification failed

If your build uses curl with HTTPS urls, you might have started to encounter an error. If so, it may look something like this:

curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

If you are using the CircleCI Linux machine image:

jobs:                                                                                             
  build:                                                                                          
    machine:                                                                                      
      image: ubuntu-1604:202004-01

then a simple workaround for this issue is to manually update the ca-certificates package. You can do this in your build, before using curl, like this:

sudo apt-get update && sudo apt-get install -y ca-certificates

This problem only occurs with the combination of some HTTPS urls (not all) and an older ca-certificates package. If you already update packages with apt-get update that will include the update for ca-certificates as well.