In my case, I tried to install bundler using
gem install bundler and instantly got the following error:
Initially, suspecting a problem with the openssl version installed, I ran
just to see that the openssl version seemed reasonably up to date. Since openssl did not appear to be the problem I started googling and found out the following:
The problem is explained in detail on rubygems.org, but in short the trusted certificates that are used to verfiy connections to rubygems.org in order to download gems are bundled with the
gem command line tool. That means, whenever the certificate on rubygems.org is updated, your
gem tool can no longer verify the validity of the new certificate since it doesn’t yet know it. Consequently, you’ll need to update the
gem tool to know about the most recent certificate.
This is the quickest but dirtiest solution to the problem. Instead of trying to access https://rubygems.org (which is the default behaviour when running
gem install), we’ll instead access http://rubygems.org so no certificate validation will take place.
To override the remote source (defaulting to
https://rubygems.org), use the
--source command line option when installing a gem.
E.g. you can run
gem install --source http://rubygems.org to bypass https.
Please note that this quick fix is absolutely not recommended, since you’re bypassing all encryption and will send and receive the data unencrypted.
Apart from being insecure the above option also induces the problem of requiring you to always explicitely tell the install command to use the non-https source.
Looking for a more permanent solution, I stumbled upon the help site on rubygems.org.
There you’ll get a detailed explanation on why the error occurs and how it can be fixed. Spoiler: You’ll have to update your local installation of
rubygems. Detailed insstructions on how to perform the update are given here.
As soon as you’ve updated your
gem installation, you’ll be able to use
gem commands as usual.