Yarn Error / server certificate verification failed

Hi,

I have suddenly some problems building my Gatsby App, here are the logs :

4:17:12 PM: Build ready to start
4:17:14 PM: build-image version: c6001ed68662a13e5deb24abec2b46058c58248a
4:17:14 PM: build-image tag: v3.9.0
4:17:14 PM: buildbot version: 1523fa12d6de79e532ed0aff71973c5fbb8e58aa
4:17:14 PM: Building without cache
4:17:14 PM: Starting to prepare the repo for build
4:17:15 PM: No cached dependencies found. Cloning fresh repo
4:17:15 PM: git clone https://github.com/XXXXXXXXXXX/XXXXXXXXX
4:17:16 PM: Preparing Git Reference refs/heads/pre-prod
4:17:17 PM: Parsing package.json dependencies
4:17:18 PM: Starting build script
4:17:18 PM: Installing dependencies
4:17:18 PM: Python version set to 2.7
4:17:19 PM: Downloading and installing node v14.17.5...
4:17:19 PM: Downloading https://nodejs.org/dist/v14.17.5/node-v14.17.5-linux-x64.tar.xz...
4:17:20 PM: Computing checksum with sha256sum
4:17:20 PM: Checksums matched!
4:17:23 PM: Now using node v14.17.5 (npm v6.14.14)
4:17:23 PM: Started restoring cached build plugins
4:17:23 PM: Finished restoring cached build plugins
4:17:23 PM: Attempting ruby version 2.7.2, read from environment
4:17:25 PM: Using ruby version 2.7.2
4:17:25 PM: Using PHP version 5.6
4:17:25 PM: Started restoring cached yarn cache
4:17:25 PM: Finished restoring cached yarn cache
4:17:25 PM: Installing yarn at version 1.22.10
4:17:25 PM: Installing Yarn!
4:17:25 PM: > Downloading tarball...
4:17:25 PM: [1/2]: https://yarnpkg.com/downloads/1.22.10/yarn-v1.22.10.tar.gz --> /tmp/yarn.tar.gz.ESuoC3cTNW
4:17:25 PM:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
4:17:25 PM:                                  Dload  Upload   Total   Spent    Left  Speed
4:17:26 PM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
4:17:26 PM: 100    81  100    81    0     0    228      0 --:--:-- --:--:-- --:--:--   228
4:17:26 PM: 100    81  100    81    0     0    228      0 --:--:-- --:--:-- --:--:--   228
4:17:26 PM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
4:17:26 PM: curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
4:17:26 PM: More details here: http://curl.haxx.se/docs/sslcerts.html
4:17:26 PM: curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
4:17:26 PM:  bundle file isn't adequate, you can specify an alternate file
4:17:26 PM:  using the --cacert option.
4:17:26 PM: If this HTTPS server uses a certificate signed by a CA represented in
4:17:26 PM:  the bundle, the certificate verification probably failed due to a
4:17:26 PM:  problem with the certificate (it might be expired, or the name might
4:17:26 PM:  not match the domain name in the URL).
4:17:26 PM: If you'd like to turn off curl's verification of the certificate, use
4:17:26 PM:  the -k (or --insecure) option.
4:17:26 PM: [2/2]: https://yarnpkg.com/downloads/1.22.10/yarn-v1.22.10.tar.gz.asc --> /tmp/yarn.tar.gz.ESuoC3cTNW.asc
4:17:26 PM: 100    85  100    85    0     0   1506      0 --:--:-- --:--:-- --:--:--  1506
4:17:26 PM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
4:17:26 PM: curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
4:17:26 PM: More details here: http://curl.haxx.se/docs/sslcerts.html
4:17:26 PM: curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
4:17:26 PM:  bundle file isn't adequate, you can specify an alternate file
4:17:26 PM:  using the --cacert option.
4:17:26 PM: If this HTTPS server uses a certificate signed by a CA represented in
4:17:26 PM:  the bundle, the certificate verification probably failed due to a
4:17:26 PM:  problem with the certificate (it might be expired, or the name might
4:17:26 PM:  not match the domain name in the URL).
4:17:26 PM: If you'd like to turn off curl's verification of the certificate, use
4:17:26 PM:  the -k (or --insecure) option.
4:17:26 PM: > Failed to download https://yarnpkg.com/downloads/1.22.10/yarn-v1.22.10.tar.gz.
4:17:26 PM: mv: cannot stat '/opt/buildhome/.yarn': No such file or directory
4:17:26 PM: No yarn workspaces detected
4:17:26 PM: Started restoring cached node modules
4:17:26 PM: Finished restoring cached node modules
4:17:26 PM: /opt/build-bin/run-build-functions.sh: line 141: yarn: command not found
4:17:26 PM: Installing NPM modules using Yarn version
4:17:27 PM: /opt/build-bin/run-build-functions.sh: line 152: yarn: command not found
4:17:27 PM: Error during Yarn install
4:17:27 PM: Build was terminated: Build script returned non-zero exit code: 1
4:17:27 PM: Creating deploy upload records
4:17:27 PM: Failing build: Failed to build site
4:17:27 PM: Failed during stage 'building site': Build script returned non-zero exit code: 1
4:17:27 PM: Finished processing build request in 13.005414871s

NETLIFY_USE_YARN : true
NODE_VERSION : 14.17.5

Any ideas ?

Also suddenly getting the same error as of this morning.

7:55:59 AM: > Downloading tarball...
7:55:59 AM: [1/2]: https://yarnpkg.com/downloads/1.13.0/yarn-v1.13.0.tar.gz --> /tmp/yarn.tar.gz.BodhMwxwKI
7:55:59 AM:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
7:55:59 AM:                                  Dload  Upload   Total   Spent    Left  Speed
7:55:59 AM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
7:55:59 AM: 100    79  100    79    0     0    403      0 --:--:-- --:--:-- --:--:--   405
7:55:59 AM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
7:55:59 AM: curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Hi folks!

Thanks for reaching out and reporting this. Can you both share your site name as well as your project repo? Thank you!

Hi !

inspiring-gates-c3025d

This issue has been happening for hours. Can we at least have some ETA for the fix?

Hi there, @DaNG Thanks so much for sharing this. Our Engineers have been notified and are digging in to this. I will update this thread as soon as I have further information.

In the interim, if you switch your build image to Focal does that mitigate the issue?

Hum …

switch to Focal seems to work but provide another issue :

6:01:55 PM:   2. Build command from Netlify app                             
6:01:55 PM: ────────────────────────────────────────────────────────────────
6:01:55 PM: ​
6:01:55 PM: $ gatsby build
6:01:59 PM: success open and validate gatsby-configs - 0.049s
6:01:59 PM: warning Plugin gatsby-plugin-google-tagmanager is not compatible with your gatsby version 2.32.13 - It requires gatsby@^3.0.0-next.0
6:02:00 PM: success load plugins - 0.805s
6:02:00 PM: success onPreInit - 0.037s
6:02:00 PM: success delete html and css files from previous builds - 0.003s
6:02:00 PM: success initialize cache - 0.006s
6:02:00 PM: success copy gatsby files - 0.048s
6:02:00 PM: success onPreBootstrap - 0.017s
6:02:00 PM: success createSchemaCustomization - 0.004s
6:02:00 PM: success Checking for changed pages - 0.000s
6:02:00 PM: success source and transform nodes - 0.369s
6:02:01 PM: success building schema - 0.371s
6:02:01 PM: info Total nodes: 207, SitePage nodes: 1 (use --verbose for breakdown)
6:02:01 PM: success createPages - 0.001s
6:02:01 PM: success Checking for changed pages - 0.000s
6:02:01 PM: success createPagesStatefully - 0.079s
6:02:01 PM: success update schema - 0.024s
6:02:01 PM: success onPreExtractQueries - 0.001s
6:02:05 PM: success extract queries from components - 4.197s
6:02:05 PM: success write out redirect data - 0.001s
6:02:05 PM: success Build manifest and related icons - 0.129s
6:02:05 PM: success onPostBootstrap - 0.132s
6:02:05 PM: info bootstrap finished - 9.768s
6:02:05 PM: success run static queries - 0.015s - 1/1 65.66/s
6:02:05 PM: success run page queries - 0.005s - 5/5 937.49/s
6:02:05 PM: success write out requires - 0.005s
6:04:15 PM: success Building production JavaScript and CSS bundles - 129.835s
6:04:15 PM: success Rewriting compilation hashes - 0.002s
6:04:43 PM: success Building HTML renderer - 27.718s
6:04:44 PM: failed Building static HTML for pages - 1.046s
6:04:44 PM: error Building static HTML failed
6:04:44 PM: 
6:04:44 PM:   13 |
6:04:44 PM:   14 | var HIGHLIGHT_THEME = {
6:04:44 PM: > 15 |   brackets: _nanocolors.default.cyan,
6:04:44 PM:      | ^
6:04:44 PM:   16 |   'at-word': _nanocolors.default.cyan,
6:04:44 PM:   17 |   comment: _nanocolors.default.gray,
6:04:44 PM:   18 |   string: _nanocolors.default.green,
6:04:44 PM: 
6:04:44 PM:   WebpackError: TypeError: Cannot read property 'cyan' of undefined
6:04:44 PM:   
6:04:44 PM:   - terminal-highlight.js:15 
6:04:44 PM:     node_modules/postcss/lib/terminal-highlight.js:15:1
6:04:44 PM:   
6:04:44 PM:   - css-syntax-error.js:8 
6:04:44 PM:     node_modules/postcss/lib/css-syntax-error.js:8:49
6:04:44 PM:   
6:04:44 PM:   - node.js:6 
6:04:44 PM:     node_modules/postcss/lib/node.js:6:46
6:04:44 PM:   
6:04:44 PM:   - declaration.js:6 
6:04:44 PM:     node_modules/postcss/lib/declaration.js:6:36
6:04:44 PM:   
6:04:44 PM:   - postcss.js:6 
6:04:44 PM:     node_modules/postcss/lib/postcss.js:6:43
6:04:44 PM:   
6:04:44 PM:   - autoprefixer.js:8 
6:04:44 PM:     node_modules/gatsby-plugin-material-ui/autoprefixer.js:8:39
6:04:44 PM:   
6:04:44 PM:   - gatsby-ssr.js:18 
6:04:44 PM:     node_modules/gatsby-plugin-material-ui/gatsby-ssr.js:18:44
6:04:44 PM:   
6:04:44 PM: 
6:04:45 PM: ​
6:04:45 PM: ────────────────────────────────────────────────────────────────
6:04:45 PM:   "build.command" failed                                        
6:04:45 PM: ────────────────────────────────────────────────────────────────
6:04:45 PM: ​
6:04:45 PM:   Error message
6:04:45 PM:   Command failed with exit code 1: gatsby build
6:04:45 PM: ​
6:04:45 PM:   Error location
6:04:45 PM:   In Build command from Netlify app:
6:04:45 PM:   gatsby build
6:04:45 PM: ​
6:04:45 PM:   Resolved config
6:04:45 PM:   build:
6:04:45 PM:     command: gatsby build
6:04:45 PM:     commandOrigin: ui
6:04:45 PM:     environment:
6:04:45 PM:       - GATSBY_API_URL
6:04:45 PM:       - NETLIFY_USE_YARN
6:04:45 PM:       - NODE_VERSION
6:04:45 PM:     publish: /opt/build/repo/public
6:04:45 PM:     publishOrigin: ui
6:04:45 PM:   plugins:
6:04:45 PM:     - inputs: {}
6:04:45 PM:       origin: ui
6:04:45 PM:       package: '@netlify/plugin-gatsby'
6:04:45 PM: Caching artifacts
6:04:45 PM: Started saving node modules
6:04:45 PM: Finished saving node modules
6:04:45 PM: Started saving build plugins
6:04:45 PM: Finished saving build plugins
6:04:45 PM: Started saving yarn cache
6:04:56 PM: Finished saving yarn cache
6:04:56 PM: Started saving pip cache
6:04:56 PM: Finished saving pip cache
6:04:56 PM: Started saving emacs cask dependencies
6:04:56 PM: Finished saving emacs cask dependencies
6:04:56 PM: Started saving maven dependencies
6:04:56 PM: Finished saving maven dependencies
6:04:56 PM: Started saving boot dependencies
6:04:56 PM: Finished saving boot dependencies
6:04:56 PM: Started saving rust rustup cache
6:04:56 PM: Finished saving rust rustup cache
6:04:56 PM: Started saving go dependencies
6:04:56 PM: Finished saving go dependencies
6:04:59 PM: Build failed due to a user error: Build script returned non-zero exit code: 2
6:04:59 PM: Creating deploy upload records
6:04:59 PM: Failing build: Failed to build site
6:04:59 PM: Failed during stage 'building site': Build script returned non-zero exit code: 2
6:04:59 PM: Finished processing build request in 5m41.078810251s

strange

and that consume my build minutes

Hi folks, thanks to your patience here.

As an update: Builds using the Xenial and Trusty versions of our build image (configured in each site’s Deploy Settings page) that require a download of yarn are failing. This will impact only builds without an already-cached copy of yarn. We’re working on a fix but in the meantime, builds on our newer (default) Focal build image are not affected; you can update to the new image to work around this immediately.

For up to date information, please follow the Netlify Status Page.

@jomoka I’m glad to hear that updating to Focal fixed the Yarn installation issue. Unfortunately, it seems you’ve now run into a dependency mismatch with the Focal’s available installed software.

We have a build image migration guide with general troubleshooting steps for updating build images. It may take a few more builds to figure out, but on the plus side, once you’re building successfully on Focal, you can stay there. The Xenial build image will be scheduled for deprecation in the next few months, so you’ll have a head start on that. Or you can wait for this incident to be resolved, which we’re hoping should happen fairly soon.

Hi folks,

For further information and mitigation advice covering ways to work around SSL-caused build failures, please look at this update:
https://answers.netlify.com/t/ways-to-work-around-ssl-caused-build-failures/44945

We will stay tuned to this thread for questions and will update it with more information when it is available. Thank you!

Confirmed that switching the build image to Ubuntu 20.04 LTS fixed the issue

that’s great to know!

Hi folks,

A fix has been implemented. The mitigation is automatic on Xenial, but Trusty sites will have to update to Xenial or Focal in order to mitigate. We’ll continue to monitor for a while before resolving the incident. As always, you can view our Status Page here.