31

I'm trying to update my Git and by typing the command:

$ git update-git-for-windows

It displays the following error:

curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Note: This problem started to appear after updating Windows to 1909.

Improve this question
2
  • 1
    Not an answer (and a potential security risk!): you could create a ~/.curlrc file with a line containing insecure. This will disable TLS verification for all curl invocations. Commented Feb 29, 2020 at 6:31
  • Are you executing this from behind a corporate firewall by any chance? That was the root cause for me. Commented Oct 28, 2020 at 17:57

10 Answers 10

Reset to default
37

I am using Kaspersky antivirus, and it was blocking the update.

I just disabled the internet and file protection and the update command worked properly. After that you might just enable the antivirus full protection.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

How to proceed when you can't disable antivirus (e.g. at work)?
Yep, it's the antivirus that blocked the SSL verification.
This worked for me as well, using Avast Free Antivirus. Right clicking the icon in the task bar, and turning off the protection for 10 minutes under "Avast protection control" did the job of eliminating this error and updating git properly.
15

Or just look into the latest docs https://git-scm.com/download/win

Close any open instance of Git Bash (thanks @Chrisuu) and run this command in PowerShell:

winget install --id Git.Git -e --source winget
Improve this answer

2 Comments

Encountered Installer failed with exit code: 1. After inspecting the logs, it became clear that the failure was caused by an open instance of Git Bash. The install succeeded after closing the instance and re-running the command.
@Chrisuu your suggestion worked like charm. Thanks
5

I bumped into this exact error message which occurred while on my corporate machine + VPN after running git update-git-for-windows in git bash.

Windows Solution (worked for me):

  1. Identify the location of my ca-bundle.crt on my machine
  2. Navigate to C:\Users\[UserName]\AppData\Local\Programs\Git\mingw64\bin in another Explorer window
  3. Drag and drop a copy of the ca-bundle.crt found in step 1 into the ...\mingw64\bin folder from step 2.
  4. Rename the new copy of the ca-bundle.crt to curl-ca-bundle.crt
  5. Close all instances of git bash, reopen git bash, run git update-git-for-windows

The download was successful for me after completing these steps. Hopefully this saves another weary soul some time with this issue.

Improve this answer

3 Comments

Where can you usually find ca-bundle.crt?
Hi Neo, (at least on Windows) you may be able to find your corporate bundle.crt in your C: drive -> Users -> your username folder. Of course the exact name and location can vary widely based on where you work and the OS you use.
I tried this and it did not work. I had no Git/mingw64/bin under the Programs folder in step 2. So i added those and completed rest of steps but to no avail. still got same error
5

None of the solutions provided worked for me. What did work was:

  1. Identify the installation path of your Git
  2. Enter the mingw64\bin folder
  3. Open your git-update-git-for-windows file
  4. Edit both curl commands available and add the --insecure or -k parameter
  5. Run again git update-git-for-windows

I'm still being blocked at installation probably because our EPM software but at least I can run the update command.

Improve this answer

1 Comment

This is the solution that worked for me so thanks!!! However, what I really want to know is why this quit working if anyone knows. I used this from command line for like two years without an issue. (using a home/personal PC)
1

I can suggest you use Chocolatey package manager to upgrade git:

choco upgrade git
Improve this answer

1 Comment

Chocolatey is very useful in a not controlled environnement but if your company have an EPM software probably it will block installation and/or updates. I was using it before the adoption of an EPM but now it blocks everything choco-related.
0

I solved this issue by these steps:

  1. Visit https://curl.se/docs/caextract.html
  2. Download last cacert-2022-04-26.pem
  3. Rename to curl-ca-bundle.crt
  4. Move the curl-ca-bundle.crt to C:\Program Files\Git\mingw64\bin

Then run again git update-git-for-windows

Improve this answer

1 Comment

does not work for me
0

This normally happens when a firewall inspects the content of https connections. It then issues new certificates based on a company root certificate. So what worked for me was adding this root certificate to Git's ca-bundle.crt file found in C:\Program Files\Git\mingw64\ssl\certs or C:\Program Files\Git\mingw64\etc\ssl\certs.

Improve this answer

Comments

0

I had avast Antivirus in the Windows.

I had to disable avast Antivirus to update git from:

git update-git-for-windows

Make sure to disable antivirus in your windows. Once download is completed you may want to activate antivirus to secure your computer

Improve this answer

Comments

-1

Disable avast for 10 minutes run git update-git-for-windows

Improve this answer

Comments

-1

close all instance of git-bash and open cmd and run this command. it will ask you for download and install type y hit enter.

git update-git-for-windows
Improve this answer

1 Comment

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.