OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Question

There are a ton of posts about this. I have looked at so many of them. Zero of the fixes seem to work.

(main)> PayPal:         


        

Answer 1

Its possible to fix this by using the server's own CA file.

Try setting ssl_options: { ca_file: nil }.

This causes the paypal.crt CA file bundled with the paypal-sdk gem to be ignored.

For apps using PayPal::SDK.configure(...)

PayPal::SDK.configure(
  mode: ...,
  client_id: ...,
  client_secret: ...,

  # Deliberately set ca_file to nil so the system's Cert Authority is used,
  # instead of the bundled paypal.crt file which is out-of-date due to:
  # https://www.paypal.com/va/smarthelp/article/discontinue-use-of-verisign-g5-root-certificates-ts2240
  ssl_options: { ca_file: nil }
)

For apps using a YAML config file

In config/paypal.yml or wherever your config file is located:

ssl_options:
  ca_file: null