unable to check ‘https://nixos.org/channels/nixpkgs-unstable’ on OS X 10.10.5

[Treeant34]

Tried installing Nix twice on OS X 10.10.5 (VMWare Fusion 8) using the shell command (curl https://nixos.org/nix/install | sh) and keep getting the same error (unable to check ‘https://nixos.org/channels/nixpkgs-unstable’).

I'm a total Nix Newb not sure how to install this.

I have not installed XCode as the page here (https://nixos.org/wiki/Nix_on_OS_X) seems to indicate it is no longer required in the compatibility table).

Any help would be appreciated...

Last login: Sat Dec  5 09:23:41 on console
Eds-Mac:~ forqmang$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1332  100  1332    0     0    944      0  0:00:01  0:00:01 --:--:--   945
unpacking Nix binary tarball for x86_64-darwin from `https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-darwin.tar.bz2'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 27.4M  100 27.4M    0     0   235k      0  0:01:59  0:01:59 --:--:--  383k
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running ‘?? using sudo

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
copying Nix to /nix/store........................
initialising Nix database...
creating /Users/forqmang/.nix-profile
installing ‘nix-1.10’
building path(s) ‘/nix/store/bfhj0nrjnfwhph4fxzz12zlsanj5bvrm-user-environment’
created 7 symlinks in user environment
installing ‘cacert-20140715’
building path(s) ‘/nix/store/dv9in93k3xgyyj8wcrg6nzhnf3f4qqyf-user-environment’
created 9 symlinks in user environment
/nix/store/1rn8whr57nnkcfaqf3v0d741prfcd8ky-nix-1.10/bin/nix-channel: unable to check ‘https://nixos.org/channels/nixpkgs-unstable’
Eds-Mac:~ forqmang$ 

[vcunat]

As a work-around, it might help to change https to http in ~/.nix-channels. It once helped for me on Linux. (I suspect the certificate isn't trusted in a default Mac OS setting.)

[roxma]

So what is the cause of this issue?

[domenkozar]

It sounds like it's a certificate problem on OSX. Similar to #921

Try manually:

nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs

[tilmans]

Having the same issue on my machine, I'd like to take a closer look at what's happening under the hood. Are there log files or can I switch on a verbose mode that shows me all the calls being made? I'm pretty new to Nix so links to the relevant documentation would be fine.

[NeQuissimus]

I am seeing the same issue using Nix on Ubuntu 16.04.
The workaround (switching to HTTP) no longer works because the HTTP URL forwards to an HTTPS one on CloudFront, which then throws the same issue.

[siriobalmelli]

FWIW it seems that nix-channel --update from a user account succeeds, whereas it fails if run sudo.

On OS X 10.11.6, the following worked around the issue:

sudo nix-channel --remove nixpkgs
sudo nix-channel --update
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
nix-channel --update

TBH I'm not sure why specifically.

Notes:

• I don't have Cloudfront's or Nix's certs specifically installed in keychain
• This is just after stock install with curl https://nixos.org/nix/install | sh

[norival]

Hi! I'm having that same issue on Ubuntu 14.04. I tried the workarounds stated here but nothing worked.
Any ideas?

Thanks!

[arichiardi]

Same issue here on Ubuntu 16.04

[domenkozar]

@norival @arichiardi are those issues upon installation?

[norival]

@domenkozar yes, during installation, using this command:
curl https://nixos.org/nix/install | sh

[norival]

I tried some dirty hacks on the nix-channel script in /nix/store/b4s1...-nix-1.11.15/bin/ and saw that if I replace nix's curl by system's curl, I don't get that error. Everything goes fine until line 160 where there is a call to nix-prefetch-url. Here I got a new error:

error: unable to download ‘https://d3g5gsiof5omrk.cloudfront.net/nixpkgs/nixpkgs-18.03pre120540.b8f7027360/nixexprs.tar.xz’: SSL connect error (35)

cannot fetch ‘https://d3g5gsiof5omrk.cloudfront.net/nixpkgs/nixpkgs-18.03pre120540.b8f7027360/nixexprs.tar.xz’

I don't know if this can help... Also, this is at my office computer where there is a http proxy. Maybe the problem comes from it... I tried at home on ArchLinux and everything is ok.

Thanks!

[johbo]

Got into this issue on my nixos vm, I've realized that I did have a version of nix installed in my user's profile. After removing it things worked again.
I think if something was mixed up with ssl certificates it might explain it.

[metal-young]

Same problem with MacOS 10.13.4

[peti]

I read in one of the many threads around this issue that ǹix-channel --update succeeds when run as a normal user but not when run through sudo. Is it possible that we set up the shell environment correctly for curl to find the necessary SSL certificates, but then those settings are not preserved through the sudo call?

[LnL7]

I'm guessing NIX_SSL_CERT_FILE is not set yet at the point where the channel update runs. This still a problem with the current installer?

[metal-young]

ubuntu try
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs

nix-channel: command not found

[bbarker]

I'm having this issue again, and really need a workaround to contineu working on a project; I tried http instead of https but nix-channel --update doesn't like it either:

error: unable to download 'http://nixos.org/channels/nixos-unstable': HTTP error 301 (curl error: Problem with the SSL CA cert (path? access rights?))

[eglyph]

Apparently, still happens. Can't verify whether there's an SSL intercepting proxy in my network, but found a workaround: export SSL_CERT_FILE=~/.nix-profile/etc/ssl/certs/ca-bundle.crt.

MacOS 10.14, nix-env (Nix) 2.2.2

[shepting]

This is still an issue for me. And neither of the following helped:

export SSL_CERT_FILE=~/.nix-profile/etc/ssl/certs/ca-bundle.crt
export NIX_SSL_CERT_FILE=~/.nix-profile/etc/ssl/certs/ca-bundle.crt

MacOS 10.14.6, nix-env

Update: I believe that this was related to my employer's network firewall.

[stale]

I marked this as stale due to inactivity. → More info

[stale]

I closed this issue due to inactivity. → More info

[dantuck]

I am still seeing the same thing. My network is using zscaler as a forced vpn.

[redxtech]

I'm also using nix on rocky linux, having this error.

When running nix-channel --update, i get this output:

unpacking channels...
warning: error: unable to download 'https://cache.nixos.org/rpch6rz8nl0wr7ngwrhs2jhkl14lqkag.narinfo': SSL connect error (35); retrying in 305 ms
warning: error: unable to download 'https://cache.nixos.org/rpch6rz8nl0wr7ngwrhs2jhkl14lqkag.narinfo': SSL connect error (35); retrying in 535 ms
warning: error: unable to download 'https://cache.nixos.org/rpch6rz8nl0wr7ngwrhs2jhkl14lqkag.narinfo': SSL connect error (35); retrying in 1356 ms
warning: error: unable to download 'https://cache.nixos.org/rpch6rz8nl0wr7ngwrhs2jhkl14lqkag.narinfo': SSL connect error (35); retrying in 2093 ms
error: unable to download 'https://cache.nixos.org/rpch6rz8nl0wr7ngwrhs2jhkl14lqkag.narinfo': SSL connect error (35)
error: program '/nix/store/3wqasl97rjiza3vd7fxjnvli2w9l30mk-nix-2.17.0/bin/nix-env' failed with exit code 1

I've tried forcing ipv4, and I've also uninstalled tailscale, so that shouldn't be causing the issue.

My NIX_SSL_CERT_FILE env var is set to /etc/ssl/certs/ca-bundle.crt, and I've confirmed that it exists and is readable by my user.

Not sure what else to try here.

[axhon]

i am also seeing the same problem and like @dantuck i am behind a zscaler vpn. i've tried using the NIX_SSL_CERT_FILE env variable but not luck. its a shame, i wanted to share this with our team as a solution

[BuruY]

I have the exact same issue running behind a zscaler VPN, I have added the zscaler certs to the NIX_SSL_CERT_FILE, still having the same issues

[domenkozar]

See #7808 (comment)