If your build uses
curl with HTTPS urls, you might have started to encounter an error. If so, it may look something like this:
curl: (60) SSL certificate problem: certificate has expired More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
If you are using the CircleCI Linux machine image:
jobs: build: machine: image: ubuntu-1604:202004-01
then a simple workaround for this issue is to manually update the
ca-certificates package. You can do this in your build, before using curl, like this:
sudo apt-get update && sudo apt-get install -y ca-certificates
This problem only occurs with the combination of some HTTPS urls (not all) and an older
ca-certificates package. If you already update packages with
apt-get update that will include the update for
ca-certificates as well.