Summary

This article helps in solving SSL errors that occur while executing curl commands on a third-party URL from Bitbucket cloud pipelines build script.

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.

Diagnosis

• The issue could have been caused due to an older version of OpenSSL on the docker image
• Update the open SSL version on your local docker terminal
• Try to reproduce the issue on local docker using the same image that the pipeline build was running

• Kindly follow the steps below to locally spin up a docker container and verify if the command is successful
  
  

  git clone https://<bb_username>@bitbucket.org/<workspace_id>/<repo>.git
  
  cd <repo>
  
  git checkout <commit id for which the pipeline was triggered>
  
  docker run -it --volume=$PWD:/docker_dir --workdir="/docker_dir" --memory=4g --memory-swap=4g --memory-swappiness=0 --entrypoint=/bin/bash 432815428702.dkr.ecr.eu-central-1.amazonaws.com/ruby-chrome-driver@sha256:f7941c322d20619abb9c09e3d64d22d206cb143e0f384bcaa78ad695f6fbac15
  
  #failed command

  
  Reference: [https://support.atlassian.com/bitbucket-cloud/docs/debug-pipelines-locally-with-docker/]

Solution

If the command fails on the local docker container, please upgrade the OpenSSL version.

sudo yum update -y openssl

If you are using an older version of atlassian/default-image, please update the bitbucket-pipelines.yml file to use the latest image - <image name here>. Example: "atlassian/default-image:4"