geocoder: SSL certificate has expired

We are using ipinfo_io for reverse geocoding. Today we are receiving an error:

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired))

The SSL cert for our application is current and valid. But it seems somewhere in the chain the app is attempting to validate against an old expired certificate.

ipinfo_io calls using curl from the command line work fine:

curl https://ipinfo.io/8.8.8.8/city
Mountain View

But the error occurs when reverse_geocode is called from within the app. Any advice would be greatly appreciated. Thanks for a great gem!

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 22 (5 by maintainers)

Most upvoted comments

The issue that we’ve narrowed this down to is our server’s ca-certificates package being out of date. Running an update on that package makes the geocoder calls successful. (Our server is CentOS so we use yum, but there should be similar packages for Alpine or Debian-based distros.)

yum update ca-certificates
bin/rails c
Model.first.geocode # This call is now successful.

@dylanbromby you are correct - apologies for the typo 😉

Thanks @Nowaker! That’s extremely helpful, and I really like your suggestion. However, as you say, it’s not a Geocoder issue and it seems like the best place for the workaround would be in an app-level initializer (especially if Geocoder isn’t the only thing using OpenSSL).

So I think I’m in favor of rescuing and re-raising an error with a helpful message, but not in favor of adding the config option.

But I’m open to discussion.

Thanks @vanboom and @willtcarey for posting your solutions!
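
Added example (not from the thread or the Geocoder project): a Ruby check that reproduces the `certificate has expired` verify error offline with constructed certificates and reports which certificate in the chain is the expired one, then verifies the same leaf against an updated trust store. The names `make_cert`, `diagnose` and the certificate subjects are hypothetical, and the renewed root reusing the old root's key is an assumption made for the demonstration.

```ruby
require "openssl"

# Build a constructed certificate (sample data, not a real CA or server cert).
def make_cert(cn, key, signer_cert, signer_key, not_before, not_after, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (signer_cert || cert).subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new(signer_cert || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(signer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a leaf against a set of trusted roots and report which
# certificate in the chain failed, and why.
def diagnose(leaf, trusted_roots)
  store = OpenSSL::X509::Store.new
  trusted_roots.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf)
  ok = ctx.verify
  failing = ctx.current_cert
  { ok: ok, error: ctx.error_string,
    subject: ok ? nil : failing.subject.to_s,
    not_after: ok ? nil : failing.not_after }
end

DAY = 86_400
now = Time.now
root_key = OpenSSL::PKey::RSA.new(2048)
leaf_key = OpenSSL::PKey::RSA.new(2048)

# Stale trust store: the root expired yesterday. The leaf itself is current.
old_root = make_cert("Constructed Root CA", root_key, nil, root_key, now - 365 * DAY, now - DAY, true)
leaf = make_cert("api.example.test", leaf_key, old_root, root_key, now - 30 * DAY, now + 30 * DAY, false)
# Updated trust store: same root subject and key, current validity window.
new_root = make_cert("Constructed Root CA", root_key, nil, root_key, now - 365 * DAY, now + 365 * DAY, true)

STALE = diagnose(leaf, [old_root])
UPDATED = diagnose(leaf, [new_root])
puts "stale store:   #{STALE}"
puts "updated store: #{UPDATED}"
```

The leaf certificate is valid in both runs; only the trust store contents differ, which matches the symptom of a current site certificate failing verification on a host with an outdated CA bundle.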