I want to use the asset_sync gem to compile my Rails-assets locally and then upload them to my S3 bucket. But when I try to compile & upload them the rake task aborts because it's unable to verify the SSL-certificate.
I'm struggling around for 3 days to find a workaround for this problem but nothing solved it.
Found out that the OpenSSL of rubyinstaller.org's builds is broken, but even if I set SSL_CERT_FILE manually the rake task fails with the same error (Even though I can make a HTTPS-connection in ruby with that setting).
Works:
set SSL_CERT_FILE=C:\ruby\cacert_test\cacert.pem
ruby -ropen-uri -e 'puts open("https://www.google.com/accounts").read'
Fails:
set SSL_CERT_FILE=C:\ruby\cacert_test\cacert.pem
bundle exec rake assets:precompile RAILS_ENV=production
System: Win 8.1 (x64) and ruby 2.1 (x64) (from rubyinstaller)
Error-log:
Excon::Errors::SocketError: Unable to verify certificate, please set `Excon.defaults[:ssl_ca_path] = path_to_certs`, `ENV['SSL_CERT_DIR'] = path_to_certs`, `Excon.defaults[:ssl_ca_file] = path_to_file`, `ENV['SSL_CERT_FILE'] = path_to_file`, `Excon.defaults[:ssl_verify_callback] = callback` (see OpenSSL::SSL::SSLContext#verify_callback), or `Excon.defaults[:ssl_verify_peer] = false` (less secure).
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
...
Related:
Ok, found a workaround here.
Just add to config/initializers/asset_sync.rb:
require 'excon'
Excon.ssl_verify_peer = false
It's not the safest thing, but it works for my purposes.
Maybe it will work too if I set Excon.ssl_ca_path to the OpenSSL CA-directory. I will test that soon and will update this answer when I found out.