OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

[vyankateshmadgundi-ayla]

ruby 1.9.3-p484
gem 'rails', '3.2.21'
gem 'twilio-ruby', '~> 4.11.1'

Issue Summary

When we validate phone numbers with Twilio we get error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
It was working 3-4 weeks back.

Steps to Reproduce

1. Rails Console

Code Snippet

irb(main):009:0> tw = Twilio::REST::LookupsClient.new(auth_id,auth_token).phone_numbers.get(valid_phone_number)
=> <Twilio::REST::Lookups::PhoneNumber @path=/v1/PhoneNumbers/+91xxxxxxxxx>
irb(main):010:0> tw.phone_number
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Exception/Log

# paste exception/log here

Technical details:

• twilio-ruby version: 4.11.1
• ruby version: 1.9.3-p484

[ClayCribbs]

Having the same issue it just started

ruby 2.3.6p384
Rails 3.2.22.5
twilio-ruby (4.13.0)
twiliolib (2.0.7)

[ClayCribbs]

@vyankateshmadgundi-ayla the cacert.pem file included in the old version is expired. I was able to get around this by adding an initializer with the new path and including a new cacert.pem found here https://curl.se/docs/caextract.html

module Twilio
  module Util
    class ClientConfig
      DEFAULTS = {
          host: 'api.twilio.com',
          port: 443,
          use_ssl: true,
          ssl_verify_peer: true,
          ssl_ca_file: Rails.root.join('config', 'initializers', 'twilio_ruby', 'cacert.pem').to_s,
          timeout: 30,
          proxy_addr: nil,
          proxy_port: nil,
          proxy_user: nil,
          proxy_pass: nil,
          retry_limit: 1
      }

      DEFAULTS.each_key do |attribute|
        attr_accessor attribute
      end

      def initialize(opts={})
        DEFAULTS.each do |attribute, value|
          send("#{attribute}=".to_sym, opts.fetch(attribute, value))
        end
      end
    end
  end
end

[GuiGreg]

I upgraded the gem version from twilio-ruby (3.11.6) to twilio-ruby (6.9.0)
My integration was fairly simple so it was easy to upgrade and it fixed it.

[ClayCribbs]

Instead of overwriting in an initializer, I ended up setting an ENV variable with the path to my new cacert and calling client like this Twilio::REST::Client.new(account_id, auth_token, ssl_ca_file: TWILIO_CACERT_PATH)

[vyankateshmadgundi-ayla]

Instead of overwriting in an initializer, I ended up setting an ENV variable with the path to my new cacert and calling client like this Twilio::REST::Client.new(account_id, auth_token, ssl_ca_file: TWILIO_CACERT_PATH)

Thank you @ClayCribbs for your quick reply. Please let me know the expiry of the SSL Certificate.

[ana-andresdelvalle]

Do you know if there is any way to solve this certificate update without redeploying my application?
I use an old version of Ruby and I have started having this issue. My application is on an old Heroku Stack and I cannot redeploy.

Any help appreciated.

[nchatu]

Do you know if there is any way to solve this certificate update without redeploying my application? I use an old version of Ruby and I have started having this issue. My application is on an old Heroku Stack and I cannot redeploy.

Any help appreciated.

I got in to same situation. There was no other option for me but to move off from heroku. I dockerize the app and deployed in a droplet in Digital Ocean.

[ana-andresdelvalle]

@nchatu I think I will not have any other option myself too. I will look into this. Any good document pointers you can lead me to. I am a newbie in Digital Ocean.