There are a couple of ways you can work around the error in our build network incident. In more detail, you’ll see logs exactly matching this during your build:
7:41:37 AM: curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 7:41:37 AM: More details here: http://curl.haxx.se/docs/sslcerts.html 7:41:37 AM: curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default 7:41:37 AM: bundle file isn't adequate, you can specify an alternate file 7:41:37 AM: using the --cacert option. 7:41:37 AM: If this HTTPS server uses a certificate signed by a CA represented in 7:41:37 AM: the bundle, the certificate verification probably failed due to a 7:41:37 AM: problem with the certificate (it might be expired, or the name might 7:41:37 AM: not match the domain name in the URL). 7:41:37 AM: If you'd like to turn off curl's verification of the certificate, use 7:41:37 AM: the -k (or --insecure) option.
Mitigation option 1: Preferred and most futureproof is upgrading to our Focal build image, which is not affected by the problem, is our current default version, and is the most up to date version we have. More details about the new image can be found in this article:
…and migration information is in this post:
Mitigation option 2: If you cannot upgrade, or the upgrade does not work for your build pipeline, you could also try to prevent yarn usage and use
npm instead. This won’t work well for some types of builds (for instance, some that use yarn explicitly during customer-configured build steps), but you can prevent our auto-installation by setting a Build Environment Variable
false, and the build will fall back to using
npm instead as long as you have a
Please Note: If you are not currently experiencing the problem on a site using yarn and an older build image, it is likely due to the caching of a yarn binary with your dependencies; we recommend against using
clear cache option with retrying a deploy right now as that will remove the cached version!